Hi can somebody help me on this, am unable to create an index in elastic search, in this scenario i have already created "test1" index and its log path previously for testing purpose and deleted in elastic search, and now when i am recreating same index and using same path, index was not creating in elastic search, as am new to ELK can someone help me on this

My work flow is Filebeat ---> Logstash ---> Elasticsearch

filebeat.yml file

#======== Filebeat prospectors =============================

filebeat.prospectors:

• input_type: log
  paths:

• /var/lib/docker/volumes/test1.log
  document_type: test1

• input_type: log
  paths:

• /var/lib/docker/volumes/test2.log
  document_type: test2

#----------------------------- Logstash output -----------------------------
output.logstash:

The Logstash hosts

hosts: ["localhost:5044"]

===============================================
logstash.conf

input {
     beats {
     port => 5044
     }
 }

 filter {
     json {
     source => "message"
     target => "log"
     }
 }
 output {
     if [type]=="test1" {
     elasticsearch {
     hosts => ["locahost:9200"]
     index => "test1"
     }
     }
     if [type]=="test2" {
     elasticsearch {
     hosts => ["localhost:9200"]
     index => "test2"
     }
     }
 }

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.