Hi,
I am running the Elastic Stack on Red Hat Enterprise Linux release 8.8 (Ootpa) and the versions are as below.
# rpm -qa | grep logstash
logstash-8.11.0-1.x86_64
# rpm -qa | grep elasticsearch
elasticsearch-8.11.0-1.x86_64
# rpm -qa | grep kibana
kibana-8.11.0-1.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.8 (Ootpa)
#
# pwd
/etc/logstash/conf.d
# ls -l
total 8
-rw-r--r--. 1 root root 202 Nov 17 17:33 apigee-logstash.conf
-rw-r--r--. 1 root root 267 Nov 17 23:56 tomcat-logstash.conf
# cat tomcat-logstash.conf
input {
  beats {
    port => 5044
  }
}
filter {
  # Add any necessary filters for Tomcat logs
}
output {
  elasticsearch {
    hosts => ["192.168.0.109:9200"] # Replace with your Elasticsearch server address and port
    index => "ms-logs-%{+YYYY.MM.dd}"
  }
}
# cat apigee-logstash.conf
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["192.168.0.109:9200"] # Replace with your Elasticsearch server address and port
    index => "cbapiproxies-log"
  }
}
#
Can I have both apigee-logstash.conf and tomcat-logstash.conf inside the /etc/logstash/conf.d directory?
# rpm -qa | grep filebeat
filebeat-8.11.0-1.x86_64
#
Filebeat yml file -> https://sprunge.us/bIAzc2
I am not able to see the contents of /var/log/elk.log (as per https://sprunge.us/bIAzc2) in the Elastic Stack when searching for index => "cbapiproxies-log" in the Kibana dashboard. Am I missing anything in the above Logstash config?
Please guide me. Thanks in advance.
Best Regards,
Kaushal
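
Added example, not part of the original post: with the RPM package's default pipelines.yml (path.config set to /etc/logstash/conf.d/*.conf), Logstash concatenates every file in that directory into one pipeline, so both beats inputs try to bind port 5044 and, without conditionals, every event is sent to every output. The sketch below flags both conditions; the function names `section` and `audit` are hypothetical, and the sample configs are condensed copies of the two files above.

```python
import re
from collections import defaultdict

# Constructed sample: the two files from the post, condensed (comments dropped).
CONFIGS = {
    "apigee-logstash.conf": """
input { beats { port => 5044 } }
output { elasticsearch { hosts => ["192.168.0.109:9200"] index => "cbapiproxies-log" } }
""",
    "tomcat-logstash.conf": """
input { beats { port => 5044 } }
filter { }
output { elasticsearch { hosts => ["192.168.0.109:9200"] index => "ms-logs-%{+YYYY.MM.dd}" } }
""",
}

def section(text, name):
    """Body of the top-level `name { ... }` block, found by brace matching."""
    m = re.search(r"(?m)^\s*" + name + r"\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return ""

def audit(configs):
    """Report listeners declared in more than one file and unconditional outputs."""
    listeners, fanout = defaultdict(list), []
    for fname, text in sorted(configs.items()):
        for plugin, port in re.findall(r"(\w+)\s*\{[^{}]*?\bport\s*=>\s*(\d+)", section(text, "input")):
            listeners[(plugin, int(port))].append(fname)
        out = section(text, "output")
        if not re.search(r"\bif\b", out):  # no conditional guards this output
            fanout += re.findall(r'index\s*=>\s*"([^"]+)"', out)
    dup = {k: v for k, v in listeners.items() if len(v) > 1}
    return dup, fanout

if __name__ == "__main__":
    dup, fanout = audit(CONFIGS)
    for (plugin, port), files in dup.items():
        print(f"{plugin} input on port {port} declared in: {', '.join(files)}")
    if len(fanout) > 1:
        print("every event is written to all of:", ", ".join(fanout))
```

The parser is deliberately naive: it does not handle `#` comments or braces inside quoted strings that are unbalanced.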