Hi friends, I'm implementing an ELK stack with Apache access logs stored on Amazon S3, but I have a problem when I try to view the graph in Kibana: the dates in the graph don't coincide with the dates in the log files. Here is a screenshot:
I used this documentation:
How To Install Elasticsearch, Logstash, and Kibana (ELK Stack) on Ubuntu 14.04 - Digital Ocean
Logstash Configuration examples
And this discussion:
Error with S3 input
This is my logstash configuration file:
    input {
      s3 {
        bucket => "my-bucket-name"
        delete => false
        interval => 60 # seconds
        prefix => "access/"
        region => "us-east-1"
        type => "apache_access"
        codec => plain {
          charset => "ISO-8859-1"
        }
        secret_access_key => "my-secret-access-key"
        access_key_id => "my-secret-access-id"
        sincedb_path => "/mnt/apache/log_sincedb"
        backup_to_dir => "/mnt/apache/backup"
        use_ssl => true
        temporary_directory => "/mnt/tmp/logstash"
      }
    }
    filter {
      if [path] =~ "access" {
        mutate { replace => { "type" => "apache_access" } }
        grok {
          match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
      }
      date {
        match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
    }
    output {
      elasticsearch {
        hosts => ["localhost:9200"]
      }
      stdout { codec => rubydebug }
    }
I don't know if I have an error with the index pattern in Kibana or if I have an error in my Logstash configuration file. I would be very grateful if you could help me.
(Sorry for my bad English).
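
Added example (not part of the original post, and not Logstash's own code): a Python sketch that mirrors the filter block above for a single event, showing which time ends up in `@timestamp` when the `[path]` conditional matches and when the event carries no `path` field. The sample log line, the `path` value, the ingest time and the simplified regex standing in for `%{COMBINEDAPACHELOG}` are all constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample line in Apache combined format (not from the poster's logs).
SAMPLE = ('203.0.113.7 - - [10/Oct/2016:21:15:05 -0500] '
          '"GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"')

# Simplified stand-in for %{COMBINEDAPACHELOG}: extracts only the timestamp field.
TS_RE = re.compile(
    r'\[(?P<timestamp>\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]')


def run_filters(event, ingest_time):
    """Apply the same logic as the filter block to one event dict."""
    event = dict(event)
    event["@timestamp"] = ingest_time  # default: the time the event was read
    # if [path] =~ "access" { mutate {...} grok {...} }
    if "access" in event.get("path", ""):
        event["type"] = "apache_access"
        m = TS_RE.search(event["message"])
        if m:
            event["timestamp"] = m.group("timestamp")
        else:
            event.setdefault("tags", []).append("_grokparsefailure")
    # date { match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ] }
    if "timestamp" in event:
        try:
            parsed = datetime.strptime(event["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
            event["@timestamp"] = parsed.astimezone(timezone.utc)  # stored as UTC
        except ValueError:
            event.setdefault("tags", []).append("_dateparsefailure")
    return event


def diagnose(event, ingest_time):
    """Return ('log-time' | 'ingest-time', resulting @timestamp)."""
    out = run_filters(event, ingest_time)
    source = "log-time" if "timestamp" in out else "ingest-time"
    return source, out["@timestamp"]


if __name__ == "__main__":
    now = datetime(2016, 10, 12, 9, 0, 0, tzinfo=timezone.utc)  # constructed
    print(diagnose({"message": SAMPLE, "path": "access/sample.log"}, now))
    print(diagnose({"message": SAMPLE}, now))  # no path field: grok is skipped
```

Comparing the `rubydebug` output of a real event against these two cases shows whether `timestamp` was extracted at all. Kibana also renders `@timestamp` in the browser's time zone by default, so a correctly parsed event can still appear shifted from the offset written in the log.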