Not getting logs entries on the kibana - after Xpack Configuration | ELK v7.1

Ranjith_SG1 · July 2, 2019, 11:00am

We are not getting log entries in the - kibana after configuring xpack in version 7.1 . below is the logsatsh conf file . Let me know is anything wrong in the configuration . - User -elastic( role - super user)

logstash.yml: - Added below lines in the yml file
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: xxxxxxxxxxxxxxxx

logstash.conf:
input {
file {
path => "/gsa/bldgsa/projects/a/logEvent_2019*"
type => "IVT_syslog"
start_position => "beginning"
sincedb_path => "/tmp/sincedb/ivt_syslogs"
close_older => 0
exclude => "*.gz"
elasticsearch { user => elastic
password => xxxxxxxxxxxxxxxxxxx
}
}
}

filter {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program})?: logEvent [%{WORD:logevent}][%{DATA:protocol}][%{DATA:messagetype}]%{GREEDYDATA:syslog_message}" }
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
timezone => "UTC"
}
elasticsearch { user => elastic
password => xxxxxxxxxxxxxxxx
}
}

output {
elasticsearch { hosts => ["localhost:9200"]
user => elastic
password => xxxxxxxxxxxxx
}
stdout { codec => rubydebug }
}

ikakavas · July 2, 2019, 11:06am

Hello,

Please user the </> button or backticks (```) when adding configuration snippets in your posts as it is really hard to read through them if you don't do it. You can use the preview panel on the right to see how your post looks like before submitting it.

Also, please go through our documentation here, it should have all the information you are looking for. When you perform the necessary actions, if you still have issues or questions, we'll be happy to help out

system · July 30, 2019, 11:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.