set up logstash like this:
input {
syslog {
port => 1514
type => syslog
}
}
output {
elasticsearch {
hosts => ["http://elasticsearch.service.consul:9200"]
}
}
However, I'm not receiving any data. In Kibana I specified "logstash-*" as the index, but I'm still getting "Unable to fetch mapping".
I'm not getting any error messages in elasticsearch or logstash.
In my rsyslog.conf I have the following:
. @@localhost:1514
Am I missing something obvious here?
Hi Jeroen,
Some ideas ->
1). Did you restart rsyslog after making those changes in the conf file?
2). @@ is for TCP and single @ is for UDP. Just making sure...
3). I would also add one more output in the conf file ->
stdout { codec => rubydebug }
If I see data there, it means there is nothing wrong with Syslog -> Logstash pipeline and only need to investigate the output part to elasticsearch.
If above holds true, then
a). have you been able to send anything else to that elasticsearch instance?
b). Is that reachable from your logstash instance? Firewall/network etc.?
c). Is elasticsearch up and running?
d). Maybe try IP instead of hostname? DNS issue?
--Jai
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.