This interval creates too many buckets to show in the selected time rage

Hamza_El_Aouane · May 14, 2021, 6:24pm

@Lukas I am pretty sure the error is coming from my logstash.conf and how is configured

input {
  syslog {
    port => 3014
    codec => cef
    syslog_field => "syslog"
    grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} CUSTOM GROK HERE"
 }
}
output {
  elasticsearch {
     hosts => ["localhost:9200"]
         index => "logstash_index"
 }
}

Any advice how I can configure this to receive all and any data coming through the port 3014?

Topic		Replies	Views
Logstash not ingesting syslog Logstash	16	12593	January 11, 2017
Using logstash for parsing logs Logstash	21	6732	July 6, 2017
Logstash stop communicating with Elasticsearch Elasticsearch	4	600	July 6, 2017
Use elasticsearch with syslog Elasticsearch	9	948	July 6, 2017
A strange behavior we've encountered on our ELK Elasticsearch	15	600	July 6, 2017

This interval creates too many buckets to show in the selected time rage

Related topics