NetFlow data not being seen in ELK after initial ingest

I configured Logstash to parse NetFlow, opened port 9995 and restarted the service.

I can see the data coming in via tcpdump; however, I do not see it in ES after the first ingest, which I find kind of head-scratching.

I'm new to this stack so I am having a hard time figuring out where to start troubleshooting. I don't see anything in the logs.

If anyone can get me started, I'd appreciate it.

It's Logstash 3.x; everything was installed via yum.

Thanks

There is no Logstash 3.0; it's either 5.x or 2.x, they skipped 3 and 4.

That aside,

Let's ask the basic questions first: what does your basic Logstash config look like, is there anything in the log files, is Logstash up and running?

After that,

I would start Logstash manually: /bin/logstash -f <config file>

Oh, and add a stdout output to the config file to see if it is being processed:

output {
  # rubydebug prints each event as it leaves the pipeline
  stdout { codec => "rubydebug" }
}

Once you know the data is coming in, being processed by Logstash and being output, then we can go on to the next steps of looking at your Elasticsearch output statement and whatnot.
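The troubleshooting pipeline the reply above describes, written out as a complete Logstash config (this is an added example, not a file from the original thread or from the Logstash project). It assumes the exporter sends NetFlow v5 or v9 over UDP to port 9995, that Elasticsearch is reachable on localhost:9200, and that the index name and the "netflow" tag are arbitrary choices for this example:

```conf
# Added example pipeline (not from the original thread).
# Assumptions: NetFlow v5/v9 arrives over UDP on port 9995; Elasticsearch
# listens on localhost:9200; the index name below is just an example.
input {
  udp {
    port  => 9995
    codec => netflow {
      versions => [5, 9]
    }
    # A tag makes the events easy to spot in stdout and in Kibana.
    tags  => ["netflow"]
  }
}

output {
  # Prints every decoded flow to the terminal while Logstash runs in the
  # foreground. Remove it once ingestion into Elasticsearch is confirmed,
  # otherwise every flow record is also written to the Logstash log.
  stdout { codec => rubydebug }

  elasticsearch {
    hosts => ["localhost:9200"]
    index => "netflow-%{+YYYY.MM.dd}"
  }
}
```

Run it in the foreground with `bin/logstash -f /path/to/netflow.conf` so decoding errors and connection failures appear on the console rather than only in the service log. Two checks worth doing before blaming the pipeline: confirm with `ss -ulnp | grep 9995` (or `netstat -ulnp`) that the listening socket on 9995 belongs to the Logstash process, since tcpdump showing packets on the wire does not prove any process received them, and make sure the protocol (UDP) and `versions` list match what the exporter actually sends, because a version the codec is not configured for is silently dropped rather than indexed.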
