Sensu to send logs to logstash

Lakshmi_D · February 13, 2017, 6:56pm

im not able to see logs from to elk

magnusbaeck · February 14, 2017, 6:50am

If you want help you need to supply more details.

Lakshmi_D · February 14, 2017, 4:55pm

these are my config at sensu side :
{
"logstash": {
"output": "udp",
"server": "localhost",
"port": 5000,
"list": "logstash",
"type": "sensu-logstash",
"custom": {
"@metadata": {
"type": "sensu logstash handler",
"beat": "sensu"
}
}
},
"handlers": {
"logstash": {
"command": "/etc/sensu/handlers/handler-logstash.rb",
"type": "pipe"
}
}
}

Lakshmi_D · February 14, 2017, 4:58pm

config file at logstash.conf
input {
tcp {
port => 5000
type => "company-tcp"
codec => "json"
}
udp {
port => 5000
type => "company-udp"
codec => "json"
}
}

filter {

}

output {
if ("METRICS" in [tags]) {
elasticsearch {
hosts => ["elasticsearch"]
index => "metrics-%{+YYYY.MM.dd}"
}
} else {
elasticsearch {
hosts => ["elasticsearch"]
index => "logstash-%{+YYYY.MM.dd}"
}
}
stdout {
codec => rubydebug
}
}

Lakshmi_D · February 14, 2017, 4:59pm

Sensu is executing my checks but on logstash there are no logs from sensu!!!
thanks in advance

magnusbaeck · February 14, 2017, 5:45pm

Have you established that Sensu actually tries to connect to Logstash? Have you looked in the Logstash logs to see if Logstash is having any problems processing the events?

Lakshmi_D · February 14, 2017, 6:02pm

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
16:36:46.760 [main] INFO logstash.setting.writabledirectory - Creating directory {:setting=>"path.queue", :path=>"/usr/share/logstash/data/queue"}
16:36:46.979 [LogStash::Runner] INFO logstash.agent - No persistent UUID file found. Generating new UUID {:uuid=>"63bb1755-63ea-43eb-bb36-b02a5a652a18", :path=>"/var/lib/logstash/uuid"}
16:36:51.602 [[main]-pipeline-manager] INFO logstash.inputs.tcp - Automatically switching from json to json_lines codec {:plugin=>"tcp"}
16:36:51.632 [[main]-pipeline-manager] INFO logstash.inputs.tcp - Starting tcp input listener {:address=>"0.0.0.0:5000"}
16:36:51.816 [[main]<udp] INFO logstash.inputs.udp - Starting UDP listener {:address=>"0.0.0.0:5000"}
16:36:52.276 [[main]<udp] INFO logstash.inputs.udp - UDP listener started {:address=>"0.0.0.0:5000", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
16:36:54.542 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>["http://elasticsearch:9200"]}}
16:36:54.545 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Running health check to see if an Elasticsearch connection is working {:url=>#<URI::HTTP:0x4acb2dae URL:http://elasticsearch:9200>, :healthcheck_path=>"/"}
16:36:55.238 [[main]-pipeline-manager] WARN logstash.outputs.elasticsearch - Restored connection to ES instance {:url=>#<URI::HTTP:0x4acb2dae URL:http://elasticsearch:9200>}
16:36:55.290 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Using mapping template from {:path=>nil}
16:36:57.098 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
16:36:57.209 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Installing elasticsearch template to _template/logstash
16:36:57.779 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["elasticsearch"]}
16:36:57.871 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>["http://elasticsearch:9200"]}}
16:36:57.880 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Running health check to see if an Elasticsearch connection is working {:url=>#<URI::HTTP:0x47651915 URL:http://elasticsearch:9200>, :healthcheck_path=>"/"}
16:36:57.903 [[main]-pipeline-manager] WARN logstash.outputs.elasticsearch - Restored connection to ES instance {:url=>#<URI::HTTP:0x47651915 URL:http://elasticsearch:9200>}
16:36:57.950 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Using mapping template from {:path=>nil}
16:36:58.077 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
16:36:58.128 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["elasticsearch"]}
16:36:58.202 [[main]-pipeline-manager] INFO logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
16:36:58.291 [[main]-pipeline-manager] INFO logstash.pipeline - Pipeline main started
16:36:58.885 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}

Lakshmi_D · February 14, 2017, 6:04pm

this is my logs for logstash and when i check the lastlog in logstash there are no logs available!!!!!!!!!
And how can i check the sensu connect to logstash?!!!!

magnusbaeck · February 14, 2017, 7:31pm

this is my logs for logstash and when i check the lastlog in logstash there are no logs available!!!!!!!!!

"lastlog"?

And how can i check the sensu connect to logstash?!!!!

Wireshark, for example.

system · March 14, 2017, 7:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.