No output shown on Kibana

Hi, I have parsed a few sample syslog messages through Logstash. I am receiving the right output on the Logstash command line, but nothing is displayed on the Kibana dashboard.
I need help figuring out how to get the same.
This is my conf file:

input {
  file {
      path => "C:/elk stack/samples.log"
      start_position => "beginning"   # read the file from the start on first run
      type => "syslog"                # tag so the filter block can select these events
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      # One add_field hash instead of two repeated add_field keys (same result, no duplicate-key merging)
      add_field => {
        "received_at"   => "%{@timestamp}"   # ingestion time, before the date filter overwrites @timestamp
        "received_from" => "%{host}"
      }
    }
    syslog_pri {}
    date {
      # Sets @timestamp from the log line's own time; there is no year in the pattern,
      # and no timezone option, so the local zone of the Logstash host is assumed
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch { # output to ES
    hosts => [ "localhost:9200" ]
    index => "indexforsyslog17"
  }
  stdout { codec => "rubydebug" }
}

These are the sample syslog messages:

Dec 23 12:11:46 louis postfix/smtpd[31499]: connect from unknown[95.75.93.154]
Dec 23 14:42:59 louis named[16000]: client 199.48.164.7#64817: query (cache) 'amsterdamboothuren.com/MX/IN' denied

The output in my Logstash PowerShell window is:

{
              "@timestamp" => 2022-12-23T06:41:46.000Z,
                 "message" => "Dec 23 12:11:46 louis postfix/smtpd[31499]: connect from unknown[95.75.93.154]\r",
              "syslog_pid" => "31499",
          "syslog_message" => "connect from unknown[95.75.93.154]\r",
                    "path" => "C:/elk stack/samples.log",
                    "type" => "syslog",
                "@version" => "1",
         "syslog_hostname" => "louis",
          "syslog_program" => "postfix/smtpd",
        "syslog_timestamp" => "Dec 23 12:11:46",
    "syslog_severity_code" => 5,
             "received_at" => "2022-02-17T06:38:15.329Z",
           "received_from" => "IE3BLTGPCZXD3",
    "syslog_facility_code" => 1,
         "syslog_facility" => "user-level",
                    "host" => "IE3BLTGPCZXD3",
         "syslog_severity" => "notice"
}
{
              "@timestamp" => 2022-12-23T09:12:59.000Z,
                 "message" => "Dec 23 14:42:59 louis named[16000]: client 199.48.164.7#64817: query (cache) 'amsterdamboothuren.com/MX/IN' denied\r",
              "syslog_pid" => "16000",
          "syslog_message" => "client 199.48.164.7#64817: query (cache) 'amsterdamboothuren.com/MX/IN' denied\r",
                    "path" => "C:/elk stack/samples.log",
                    "type" => "syslog",
                "@version" => "1",
         "syslog_hostname" => "louis",
          "syslog_program" => "named",
        "syslog_timestamp" => "Dec 23 14:42:59",
    "syslog_severity_code" => 5,
             "received_at" => "2022-02-17T06:38:15.347Z",
           "received_from" => "IE3BLTGPCZXD3",
    "syslog_facility_code" => 1,
         "syslog_facility" => "user-level",
                    "host" => "IE3BLTGPCZXD3",
         "syslog_severity" => "notice"
}

However, Kibana shows no output at the time.

Help would be appreciated.
Thank you.

From the screenshot, it looks like your selected date range is for a couple of hours only on Feb 17th, when in fact you are interested in data from Dec 23rd 2022. Could you select a wider date range and let us know if the problem persists?
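To make the cause concrete: the posted output shows @timestamp set to Dec 23rd 2022 by the date filter (taken from the log line itself) while received_at is Feb 17th 2022 (the ingestion time). Kibana's time picker becomes a range query on the index pattern's time field, which is @timestamp, so a window on Feb 17th can never match these documents. The Python below is an added model of that pipeline, not Logstash's or Kibana's own code: the regex stands in for the grok pattern in the question, the +05:30 offset is an assumption inferred from 12:11:46 local becoming 06:41:46Z in the output, and taking the year from the ingestion clock is a simplification of the date filter's year inference. The two log lines are constructed copies of the samples in the question.

```python
import re
from datetime import datetime, timedelta, timezone

# Regex equivalent of the grok pattern in the question (constructed; \S+ approximates SYSLOGHOST,
# .*? mirrors DATA and .* mirrors GREEDYDATA).
SYSLOG_LINE = re.compile(
    r"^(?P<syslog_timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<syslog_hostname>\S+) "
    r"(?P<syslog_program>.*?)(?:\[(?P<syslog_pid>\d+)\])?: "
    r"(?P<syslog_message>.*)$"
)

# Assumption: local zone of the Logstash host, implied by 12:11:46 -> 06:41:46Z in the posted output.
LOCAL_TZ = timezone(timedelta(hours=5, minutes=30))

# Ingestion time taken from the received_at field in the posted output.
RECEIVED_AT = datetime(2022, 2, 17, 6, 38, 15, tzinfo=timezone.utc)

# Constructed copies of the two sample lines from the question.
SAMPLE_LINES = [
    "Dec 23 12:11:46 louis postfix/smtpd[31499]: connect from unknown[95.75.93.154]",
    "Dec 23 14:42:59 louis named[16000]: client 199.48.164.7#64817: "
    "query (cache) 'amsterdamboothuren.com/MX/IN' denied",
]


def parse_syslog_timestamp(ts, received_at, local_tz=LOCAL_TZ):
    """Model of the date filter: the pattern has no year, so the year comes from the
    ingestion clock (simplification; the real filter has extra year-boundary handling),
    and with no timezone option the value is read in the host's local zone."""
    normalized = " ".join(ts.split())  # "MMM  d" and "MMM dd" collapse to one format
    naive = datetime.strptime(f"{received_at.year} {normalized}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=local_tz).astimezone(timezone.utc)


def parse_event(line, received_at):
    """grok + date filter for one line; a non-matching line is tagged like Logstash does."""
    m = SYSLOG_LINE.match(line)
    if not m:
        return {"message": line, "received_at": received_at, "tags": ["_grokparsefailure"]}
    event = m.groupdict()
    event["message"] = line
    event["received_at"] = received_at            # add_field copies the pre-date-filter @timestamp
    event["@timestamp"] = parse_syslog_timestamp(event["syslog_timestamp"], received_at)
    return event


def kibana_time_filter(gte, lte, time_field="@timestamp"):
    """The range clause Kibana's time picker adds to every query, keyed on the
    index pattern's configured time field."""
    return {"range": {time_field: {"gte": gte.isoformat(), "lte": lte.isoformat(),
                                   "format": "strict_date_optional_time"}}}


def matches(event, range_query):
    """Evaluate the range clause against one document the way Elasticsearch would."""
    (field, bounds), = range_query["range"].items()
    value = event.get(field)
    if value is None:
        return False
    return datetime.fromisoformat(bounds["gte"]) <= value <= datetime.fromisoformat(bounds["lte"])


def count_visible(events, gte, lte, time_field="@timestamp"):
    """How many documents Discover would list for a given time window."""
    query = kibana_time_filter(gte, lte, time_field)
    return sum(matches(e, query) for e in events)


def demo():
    events = [parse_event(line, RECEIVED_AT) for line in SAMPLE_LINES]
    # A couple of hours around ingestion on Feb 17th, as in the screenshot
    narrow = (RECEIVED_AT - timedelta(hours=2), RECEIVED_AT + timedelta(hours=2))
    # The wider window the reply suggests
    wide = (datetime(2022, 1, 1, tzinfo=timezone.utc), datetime(2023, 1, 1, tzinfo=timezone.utc))
    return {
        "narrow_on_timestamp": count_visible(events, *narrow),                            # 0
        "narrow_on_received_at": count_visible(events, *narrow, time_field="received_at"),  # 2
        "wide_on_timestamp": count_visible(events, *wide),                                # 2
    }


if __name__ == "__main__":
    for event in (parse_event(line, RECEIVED_AT) for line in SAMPLE_LINES):
        print(event["@timestamp"].isoformat(), event["syslog_program"], event["syslog_pid"])
    print(demo())
```

The three counts show the two ways out: widen the time picker to cover Dec 23rd, or, if the dashboard is meant to show events by arrival time, build the index pattern on received_at instead of @timestamp. Note also that the date filter silently assumed the Logstash host's local zone; adding a timezone option to the date filter avoids surprises when the log source and the Logstash host sit in different zones.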

Yes, that's where I was going wrong. It's working perfectly! Thank you.
