Hi can somebody help me on this, am unable to create an index in elastic search, in this scenario i have already created "test1" index and its log path previously for testing purpose and deleted in elastic search, and now when i am recreating same index and using same path, index was not creating in elastic search, as am new to ELK can someone help me on this
My work flow is Filebeat ---> Logstash ---> Elasticsearch
filebeat.yml file
#======== Filebeat prospectors =============================
filebeat.prospectors:
-
input_type: log
paths: -
/var/lib/docker/volumes/test1.log
document_type: test1 -
input_type: log
paths: -
/var/lib/docker/volumes/test2.log
document_type: test2
#----------------------------- Logstash output -----------------------------
output.logstash:
The Logstash hosts
hosts: ["localhost:5044"]
===============================================
logstash.conf
input {
beats {
port => 5044
}
}
filter {
json {
source => "message"
target => "log"
}
}
output {
if [type]=="test1" {
elasticsearch {
hosts => ["locahost:9200"]
index => "test1"
}
}
if [type]=="test2" {
elasticsearch {
hosts => ["localhost:9200"]
index => "test2"
}
}
}