Hi guys, I'm having a problem with Logstash.
I am using:
elasticsearch-1.5.2-1.noarch
logstash-1.5.1-1.noarch
logstash-forwarder-0.4.0-1.x86_64
and CentOS 7x.
I have 3 files as config in logstash/conf.d/
01-lumberjack-input.conf
input {
  lumberjack {
    port => 5000
    type => "logs"
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
10-syslog.conf
filter {
  if [type] == "syslog" {
    grok {
      # The brackets around the PID are escaped so they match literal "[" and "]"
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
30-lumberjack-output.conf
output {
  #elasticsearch { host => localhost =>"logstash-%{+YYYY.MM.dd}" }
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}
Elasticsearch doesn't have an index of logstash.
I found this in my logstash.log
{:timestamp=>"2015-06-23T15:44:30.185000-0300", :message=>"SIGTERM received. Shutting down the pipeline.", :level=>:warn}
{:timestamp=>"2015-06-23T15:44:30.188000-0300", :message=>"Exception in lumberjack input", :exception=>#, :level=>:error}
The keys exist in the path.
I used configtest to test the configuration and got okay as the response.
Does anyone have a clue?