I just installed 6.1.1 of all three. I then setup Palo Alto to send syslog over udp/5514.
I configured the logstash config file for input from syslog to output elasticsearch.
Kibana is giving me the index error and there is no button to create an index like earlier versions i've used.
I know syslog traffic is coming in to the server but I don't know where its stored and there is no ability to create the first index that is required to get past this fresh install.
Am I missing something?
I figured out my problem.
Logstash was running but no sockets open and no logstash logs were created in /var/log/logstash as a result. That was preventing logs from coming in and going out to elasticsearch.
After further digging, i found a post where the solution was that java version 9 was not yet supported. I too was running version 9.
I removed it and replaced with 8.0.152 and now things are working.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.