Hi,
I am trying to Configure an index pattern in kibana.But as shown in screen shot unable to enter timestamp in text filed and my set up is done in windows
Your index needs to have a field representing DateTime(example created_date). Without this ES will not allow you to add any index.
How can I have logstash indices? If I go to http://localhost:9200/_cat/indices I have the following result:
health status index pri rep docs.count docs.deleted store.size pri.store.size
yellow open logstash 1 1 1 0 2.4kb 2.4kb
yellow open .kibana 1 1 1 0 2.4kb 2.4kb
yellow open logstash- 1 1 1 0 2.4kb 2.4kb
Actually, @taus_alti you can unckeck that top checkbox "Index contains time-based event" and index data w/o timestamps just as well.
@Ashok Looks like you already discovered Logstash, which is the way to go. Your Logstash index names look a little odd -- if you use the default index template, you should have series of indices that look like:
yellow open logstash-2014.10.11 5 1 12130 0 10mb 10mb
yellow open logstash-2014.10.12 5 1 18390 0 10.8mb 10.8mb
yellow open logstash-2014.10.10 5 1 10243 0 9.2mb 9.2mb
This way you can add them using logstash-* or [logstash-]YYYY.MM.DD index patterns and @timestamp will be your time field.
Thanks @tbragin.
If I go to http://localhost:9200/_cat/indices I have the following result after adding indices with timestamp.
yellow open logstash 1 1 1 0 2.4kb 2.4kb
yellow open .kibana 1 1 1 0 2.4kb 2.4kb
yellow open logstash-2013.10.20 1 1 1 0 2.4kb 2.4kb
Is it need to give this index name (logstash-2013.10.20) in .conf file? because i don't have any time field in kibana.And the index showing 2.4 kb only in above.But my log file have 10MB.
And my conf file as shown below. Is it correct?
input { file {
type => "txt"
path => "D:/LOGS/pic.txt"
start_position => "beginning"
} }
output {
elasticsearch { host => localhost
embedded => true
index => "logstash-2013.10.20"
}
stdout { codec => rubydebug }
}