Yes, the messages are reaching Logstash.
How do you know?
You mean that changing like this?
output{
stdout { codec => rubydebug }
}
Yes. Now, are the incoming messages written to Logstash's stdout, probably connected to /var/log/logstash/logstash.stdout or similar if you're starting Logstash as a service?
after that trying again to kibana?
No. Forget about Kibana for now.
when enable the elasticsearch output "/var/log/logstash/logstash.stdout"
{
"message" => "\r",
"@version" => "1",
"@timestamp" => "2015-09-30T13:40:57.498Z",
"host" => "0:0:0:0:0:0:0:1",
"type" => "syslog",
"tags" => [
[0] "_grokparsefailure"
],
"syslog_severity_code" => 5,
"syslog_facility_code" => 1,
"syslog_facility" => "user-level",
"syslog_severity" => "notice"
when disable the elasticsearch output, there is only this message "sending logstash logs to /var/log/logstash/logstash.log"
so I looked that file "logstash.log", there are many syslogs with started {:timestamp=>"2015... etc.
Did you mix up "enable" and "disable"? Surely you're getting the output above when disabling the elasticsearch output?
Anyway, this certainly proves that Logstash is getting the messages. But what's the lone carriage return character ("\r") doing there? Is that what's being sent over the wire? It looks like garbage.
Hi,
We have a LOT of syslog/rsyslog/Logstash resources over on http://blog.sematext.com . e.g. here's a related one from 2 days ago: http://blog.sematext.com/2015/09/28/recipe-rsyslog-redis-logstash/ . I think this URL will show you various rsyslog + Logstash posts, many of which are howto style posts: http://blog.sematext.com/tag/syslog,logstash/
HTH!
Otis
When I tried "telnet localhost 514" with coming syslog ( I have seen it with "tcpdump" and copied-pasted with telnet),
in the logstash.stdout, there is a significant log. So its parsing if I send with telnet..
so what should I do? Do you have an idea ?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.