New to Elastic, need some help

Hello, I am new to Elastic. I want to send data from an nginx server to audit access usage. Searching on Google, I saw a way to send data in JSON format using the nginx JSON formatter. From nginx I send messages to a local rsyslog, and from the local rsyslog to a remote rsyslog (where Logstash is installed); from the remote rsyslog I send the messages to Logstash. The first time, I received an error about the format. But I finally solved this error by removing all non-JSON parts of the message in rsyslog with an rsyslog template in the configuration:


$template onlyMsg,"%msg%\n"
local6.info /tmp/auditoria.log; onlyMsg

local6.info action(
type="omfwd"
template="onlyMsg"
Target="10.245.56.96"
Port="5001"
Protocol="tcp"
)


As you can see, I send logs to the local file system (/tmp/auditoria.log) in order to verify the result, and I can see that it is a well-formed JSON message.
Once I put this template in place, I see no more errors in Logstash, and I can see how Logstash connects to Elastic on port 9200 when I write logs on nginx, but I cannot see anything in the Elastic logs and I cannot see anything in Kibana. I don't know if I am missing something or if I am not using Kibana properly.
I would appreciate any help.
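The format check described in the post above, as an added example that is not part of the original thread: it classifies each forwarded line as clean JSON, JSON still wrapped in a syslog header, or broken JSON. The sample lines are constructed, and the script assumes the receiver expects one JSON object per line.

```python
import json

# Constructed sample lines (not from the original post).
SAMPLE_LINES = [
    # Default forwarding format: syslog header in front of the JSON payload.
    '<182>Mar  3 10:15:02 web01 nginx: {"remote_addr": "192.0.2.10", "status": "200"}',
    # Output of a "%msg%\n" template: payload only (often with a leading space).
    ' {"remote_addr": "192.0.2.10", "request": "GET /login HTTP/1.1", "status": "200"}',
    # Truncated record, e.g. cut off by a message size limit.
    ' {"remote_addr": "192.0.2.11", "status": "404"',
    '',
]

def classify(line):
    """Return (verdict, detail) for one line as it would reach the JSON parser."""
    text = line.strip()
    if not text:
        return ("empty", None)
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        # A valid object preceded by other text means a header was left in place.
        start = text.find("{")
        if start > 0:
            try:
                json.loads(text[start:])
                return ("syslog-framed", text[:start])
            except json.JSONDecodeError:
                pass
        return ("invalid-json", f"{exc.msg} at char {exc.pos}")
    if not isinstance(doc, dict):
        return ("not-an-object", type(doc).__name__)
    return ("ok", sorted(doc))

def audit(lines):
    """Count verdicts over all lines and print every line that needs attention."""
    counts = {}
    for number, line in enumerate(lines, 1):
        verdict, detail = classify(line)
        counts[verdict] = counts.get(verdict, 0) + 1
        if verdict not in ("ok", "empty"):
            print(f"line {number}: {verdict}: {detail!r}")
    return counts

if __name__ == "__main__":
    # For a real check, pass open("/tmp/auditoria.log") instead of SAMPLE_LINES.
    print(audit(SAMPLE_LINES))
```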

What about using filebeat?

There's really not enough information here to help diagnose your specific problem.

@dadoonet's suggestion to try filebeat might be worth checking out.

Do you know basic elasticsearch things like enumerating indices and seeing the documents stored in those indices?

@javier_Munoz Specifically, you might want to take a look at the nginx filebeat module, which can easily ingest nginx access and error logs and comes with automatically created Kibana dashboards that might be a good starting place.

Hello, finally it was my mistake. All the logs were stored in Elastic, but it was me that didn't know how to see them in Kibana. It seemed that rsyslog and Logstash were working properly.

Thanks.
