I am fairly new to the Elastic stack and I am trying to use functionbeat to stream logs to logstash and then to elasticsearch. I tested my streaming with the following logstash config:

    input {
      beats {
        port => 5044
      }
    }
    output {
      file {
        path => "/tmp/cloudwatch_out.text"
        codec => rubydebug
        create_if_deleted => true
      }
    }

When I tail that file I do see logs streaming into it.
But when I changed the logstash config to go to elasticsearch:

    input {
      beats {
        port => 5044
      }
    }
    output {
      elasticsearch {
        hosts => ["http://localhost:9200"]
        index => "%{[@metadata][beat]}-%{[@metadata][version]}"
      }
    }

I created an index and an index pattern.
I then try to run this in the console:

    GET functionbeat-7.8.0/_search
    {
      "query": {
        "match_all": {}
      }
    }

A few documents are returned but it doesn't seem to be all the documents and I never see any new documents.
I also did:

    curl -X GET http://localhost:9200/functionbeat-7.8.0/_search?pretty=true

With the same results. Most of the instructions to set this up seem pretty simple, but I suspect I am missing something basic.
Basically, I'm asking how I can see or visualize these logs.