Manage different types of logs with Logstash

I'm trying to manage different types of logs with Logstash, but I don't see them in Kibana.
Logstash pipeline:

input {
	udp {
		port => 5000
		type => "heartbeat"
	}
	udp {
		port => 6000
		type => "startup_shutdown"
	}
}

filter {
	if [type] == "heartbeat" {
		grok {
				match => { "message" => "\[%{NUMBER:opcode:int},%{NUMBER:sender:int},%{NUMBER:alertbitmap:int},%{NUMBER:bat:float},%{NUMBER:ant:int},%{NUMBER:resbat:int},%{NUMBER:temp:float},%{NUMBER:presatm:int},%{NUMBER:umid:int},%{NUMBER:vertical:int},%{NUMBER:analog1:float},%{NUMBER:analog2:float},%{NUMBER:analog3:float},%{NUMBER:analog4:float},%{NUMBER:spostam:int},%{NUMBER:contporta1:int},%{NUMBER:contporta2:int},%{NUMBER:digital1:int},%{NUMBER:digital2:int},%{NUMBER:digital3:int},%{NUMBER:digital4:int},%{NUMBER:time:int}\]" }
		}
	} 
	if [type] == "startup_shutdown" {
		grok {
				match => { "message" => "\[%{NUMBER:opcode:int},%{NUMBER:sender:int},%{NUMBER:time:int}\]" }
		}
	}
}

output {
	elasticsearch {
		hosts => "elasticsearch:9200"
	}
}

How can I solve this problem? Thanks in advance.

You need to create an index pattern in Kibana. Did you do that?

Yes, I created a unique index pattern in Kibana, but the only messages I don't see are the UDP messages coming from port 6000; I do see the UDP messages from port 5000.

Check logstash and elasticsearch logs for errors

Check firewall rules on logstash, is UDP port 6000 listening and open?

Use tcpdump on the logstash host to ensure that udp 6000 events are arriving
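
The "is UDP port 6000 listening" check suggested above, as an added example that is not part of the original thread: a POSIX shell function that reads `ss -Hlun` output and reports which of the pipeline's two UDP inputs have no bound socket. The function name and the sample `ss` lines are constructed for illustration; firewall rules still need to be checked separately.

```shell
#!/bin/sh
# Added example: find pipeline UDP inputs that have no listening socket.
# On the Logstash host:   ss -Hlun | missing_udp_listeners
# If the socket is bound but events are still missing, watch for arrivals:
#   tcpdump -ni any udp port 6000

# port:type pairs taken from the two udp inputs in the pipeline above.
EXPECTED_PORTS="5000:heartbeat 6000:startup_shutdown"

# Reads `ss -Hlun` output on stdin and prints one "port:type" line for every
# expected input that has no listening UDP socket.
missing_udp_listeners() {
    # The local address is the first field containing ':' (this holds with or
    # without the Netid column); the port is whatever follows the last ':'.
    listening=$(awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /:/) { n = split($i, a, ":"); print a[n]; break }
    }' | sort -u)

    for entry in $EXPECTED_PORTS; do
        port=${entry%%:*}
        # -x matches the whole line, so 60000 does not count as 6000.
        printf '%s\n' "$listening" | grep -qx "$port" || echo "$entry"
    done
}

# Constructed sample of `ss -Hlun` output: 5000 is bound on IPv4 and IPv6,
# 6000 is not bound, and 60000 is an unrelated socket.
SAMPLE_SS_OUTPUT='UNCONN 0 0 0.0.0.0:5000 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 0.0.0.0:60000 0.0.0.0:*
UNCONN 0 0 [::]:5000 [::]:*'

# Prints the inputs that are not listening in the sample.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | missing_udp_listeners
```

An empty result means both inputs are bound, so the next places to look are the host firewall and the sender.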

Port 6000 was closed, thanks a lot.
