Logstash - Command line - logstash -e 'input { stdin { } } output { stdout {} }' does nothing!

Hi - I'm new to Logstash and Elasticsearch in general - so hopefully one of you guys can help me.

System is an OpenStack VM - CentOS 7

New installation of Elasticsearch - both ES and Kibana are working fine, i.e. I can see the web pages:

https://xxxxxxxxx:9200
{
"name" : "7W9UTHr",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "hfNvZVLIQ9SiHb43OjHVUw",
"version" : {
"number" : "5.4.1",
"build_hash" : "2cfe0df",
"build_date" : "2017-05-29T16:05:51.443Z",
"build_snapshot" : false,
"lucene_version" : "6.5.1"
},
"tagline" : "You Know, for Search"
}

Kibana webpage also works on 5601, so no problems there.

My problem is with Logstash: this section of the installation guide - https://www.elastic.co/guide/en/logstash/current/first-event.html

cd logstash/bin
./logstash -e 'input { stdin { } } output { stdout {} }'

I get nothing back!! It just sits there!

Logstash conf file is this:

input {
  beats {
    port => 5043
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
    match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    add_field => [ "received_at", "%{@timestamp}" ]
    add_field => [ "received_from", "%{host}" ]
  }
}

output {
  elasticsearch {
    hosts => "0.0.0.0:9200"
  }
}

logstash -f /etc/logstash/conf.d/logstash.conf also produces nothing!

All commands running as root!

Any help or pointers appreciated

Ian

Have you tried typing something into your terminal and pressing Enter? Logstash is just sitting there because it's waiting for your input. If you want Logstash to use your configuration file, you need to tell it to use it by passing an -f option.
