Not able to search a specific log file in Kibana UI

Hi,

I am running the Elastic Stack on Red Hat Enterprise Linux release 8.8 (Ootpa) and the versions are as below.

# rpm -qa | grep logstash
logstash-8.11.0-1.x86_64
# rpm -qa | grep elasticsearch
elasticsearch-8.11.0-1.x86_64
# rpm -qa | grep kibana
kibana-8.11.0-1.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 (Ootpa)
#
# pwd
/etc/logstash/conf.d
# ls -l
total 8
-rw-r--r--. 1 root root 202 Nov 17 17:33 apigee-logstash.conf
-rw-r--r--. 1 root root 267 Nov 17 23:56 tomcat-logstash.conf
# cat tomcat-logstash.conf
input {
  beats {
    port => 5044
  }
}

filter {
  # Add any necessary filters for Tomcat logs
}

output {
  elasticsearch {
    hosts => ["192.168.0.109:9200"]  # Replace with your Elasticsearch server address and port
    index => "ms-logs-%{+YYYY.MM.dd}"
  }
}

# cat apigee-logstash.conf
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["192.168.0.109:9200"]  # Replace with your Elasticsearch server address and port
    index => "cbapiproxies-log"
  }
}

#

Can I have both apigee-logstash.conf and tomcat-logstash.conf inside /etc/logstash/conf.d directory?

# rpm -qa | grep filebeat
filebeat-8.11.0-1.x86_64
#

Filebeat yml file -> https://sprunge.us/bIAzc2

I am not able to see the contents of /var/log/elk.log as per the https://sprunge.us/bIAzc2 in Elastic stack while searching for index => "cbapiproxies-log" in Kibana dashboard. Am I missing anything as per the above Logstash config?

Please guide me. Thanks in advance.

Best Regards,

Kaushal

Hi,

Checking in again if someone can pitch in for my earlier post to this forum?

Please guide me. Thanks in advance.

Best Regards,

Kaushal

Hi,

Can someone please pitch in for my earlier post to this forum?

Thanks in advance.

Best Regards,

Kaushal

  1. Make sure that ES is up, check: curl http://192.168.0.109:9200 or curl http://localhost:9200
  2. LS cannot run 2 .conf files on the same port 5014. You can:
    a) change to different ports
    b) merge into 1 conf file, set fields or tags in filebeat.yml, and use IFs to differentiate the code in .conf

If you need ES logs, there is the elasticsearch module; enable it and set params in /etc/filebeat/modules.d/elasticsearch.yml. This is an easier way.
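
Option b) from the reply above, written out as an added example that is not part of the original thread: with the packaged default pipelines.yml, every file in /etc/logstash/conf.d is loaded into one pipeline, so a single beats input plus tag-based conditionals replaces the two files. The file name beats.conf, the filestream ids, the tags, the Tomcat log path and the Filebeat output host are assumptions; the ports, Elasticsearch address and index names are the ones from the question.

```logstash
# /etc/logstash/conf.d/beats.conf   (hypothetical name; replaces
# apigee-logstash.conf and tomcat-logstash.conf)
#
# Assumed Filebeat side (constructed; the poster's filebeat.yml is not shown here):
#   filebeat.inputs:
#     - type: filestream
#       id: apigee-elk                      # hypothetical id
#       paths: ["/var/log/elk.log"]
#       tags: ["apigee"]                    # hypothetical tag
#     - type: filestream
#       id: tomcat                          # hypothetical id
#       paths: ["/path/to/tomcat/logs/*"]   # placeholder path
#       tags: ["tomcat"]                    # hypothetical tag
#   output.logstash:
#     hosts: ["192.168.0.109:5044"]         # assumes Logstash runs on the ES host

input {
  beats {
    port => 5044    # one listener shared by all Filebeat inputs
  }
}

filter {
  # Per-source filters go here, guarded by the same tag checks as the outputs
}

output {
  # Route on the tag set in filebeat.yml so each event lands in exactly one index
  if "apigee" in [tags] {
    elasticsearch {
      hosts => ["192.168.0.109:9200"]
      index => "cbapiproxies-log"
    }
  } else if "tomcat" in [tags] {
    elasticsearch {
      hosts => ["192.168.0.109:9200"]
      index => "ms-logs-%{+YYYY.MM.dd}"
    }
  }
}
```

The merged file can be syntax-checked before restarting the service with `/usr/share/logstash/bin/logstash --path.settings /etc/logstash --config.test_and_exit`.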
