@Badger the weird part of this is, I used it exactly as is. This didn't work at first. I then removed and recreated the .conf file. Pasted the exact reply with the config:
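```
input {
  beats {
    port => 5044
  }
}

filter {
  # Split the line into timestamp, host, process name/id and the key=value remainder
  dissect { mapping => { "message" => "%{[@metadata][timestamp]} %{sourceHost} %{processName}[%{processId}]: %{[@metadata][restOfLine]}" } }
  # Third field of the pattern is the day of month (dd); "ss" there would be read as seconds
  date { match => [ "[@metadata][timestamp]", "YYYY:MM:dd-HH:mm:ss" ] }
  # Parse the remaining key=value pairs into fields
  kv { source => "[@metadata][restOfLine]" }
}

output {
  elasticsearch {
    hosts => ["http://172.16.1.2:9200"]
    # dd is day of month; DD would be day of year
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```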
I removed everything relating to logstash, index patterns etc. I restarted filebeat and logstash and would you know it, this works!!!!
Mate, thank you so much for the help. Your solution finally got this working for me.