Hello,
I have installed Logstash, Elasticsearch and Kibana on my CentOS 7 machine. I was able to do the installations successfully. But when I try to access the Apache access logs, it doesn't get the output. Here is what I have done.
I've created a file: sudo vi /etc/logstash/conf.d/01-webserver.conf
Added the following code in the file to access the logs:
    input {
      file {
        path => "/var/log/httpd/access_log"
        start_position => "beginning"
      }
    }
    filter {
      if [type] == "apache-access" {
        grok {
          match => { "message" => "%{COMBINEDAPACHELOG}" }
        }
      }
      date {
        match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
      }
    }
    output {
      elasticsearch {
        hosts => ["127.0.0.1:9200"]
      }
      stdout { codec => rubydebug }
    }
Then, I run this command to list the Logstash indexes:
    curl -XGET http://127.0.0.1:9200/_cat/indices?v
It gives me this:
    health status index   pri rep docs.count docs.deleted store.size pri.store.size
    yellow open   .kibana   1   1          1            0      3.1kb          3.1kb
It doesn't show any log-related Logstash indexes here.
Can you please help!!