```
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2020-07-20 23:45:45.939 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2020-07-20 23:45:46.057 [LogStash::Runner] configpathloader - No config files found in path {:path=>"/etc/logstash/conf.d/fortigate.conf"}
[ERROR] 2020-07-20 23:45:46.064 [LogStash::Runner] sourceloader - No configuration found in the configured sources.
Configuration OK
[INFO ] 2020-07-20 23:45:46.067 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
```
I am trying to resolve this issue. Can someone help here?
I have written a config file:
```
input {
  # Listen for syslog messages over UDP on port 5555
  udp {
    port => 5555
    type => "syslog"
  }
}

filter {
  if [type] == "syslog" {
    # Parse the standard syslog header into separate fields
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    # Set @timestamp from the parsed syslog timestamp
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss.SSS", "MMM dd HH:mm:ss.SSS" ]
      timezone => "UTC"
    }
  }
}

output {
  # Index events into Elasticsearch
  elasticsearch {
    hosts => ["x.x.x.x:9200"]
    index => "fortigate"
  }
  # Also print each event to the console for debugging
  stdout { codec => rubydebug }
}
```