Unable to get logs in Kibana on Red Hat Enterprise Linux 7

Hi

I want to display logs in Kibana on Red Hat Enterprise Linux 7.

I have elasticsearch-6.4.0.rpm, kibana-6.4.0-x86_64.rpm and logstash-6.4.1 installed.

My logstash file is as follows:

input {
  file {
    type => "java"
    path => "/var/log/sample.log"
    codec => multiline {
      pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.*"
      #negate => "true"
      #what => "previous"
    }
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "abc-%{+YYYY.MM.dd}"
  }
}

I have un-commented some content in kibana.yml file which is as follows:

elasticsearch.url: "http://localhost:9200"

logging.dest: stdout

In /usr/share I have kibana folder in which I have the files/folders as below:
bin LICENSE.txt node node_modules NOTICE.txt optimize package.json plugins README.txt src webpackShims yarn.lock

In /etc I have kibana file/folder in which I have one file as below:
kibana.yml

In /usr/share I have elasticsearch folder in which I have the files/folders as below:
bin lib LICENSE.txt modules NOTICE.txt plugins README.textile

In /etc I have elasticsearch folder in which I have files/folders as below:
elasticsearch.keystore elasticsearch.yml jvm.options log4j2.properties role_mapping.yml roles.yml users users_roles

To run:

I am running elasticsearch by giving the following command:
sudo /etc/init.d/elasticsearch start

I am running kibana by giving the following command:
sudo /etc/init.d/kibana start

I am running the logstash by giving the following command:
/opt/logstash/bin/logstash -f /etc/logstash/logstash.conf

On doing the above things, I am not getting the logs in Kibana in stdout and stderr files.

Can you please help me with this?

Not exactly the answer you are looking for but why are you using Logstash for this? filebeat would be more efficient IMO just to read log lines and send them to elasticsearch.

Hi David

Thank you so much for your reply. Can you please tell me how to configure filebeat so that I can get logs in Kibana?

Regards

K. Raja Praveen.

Start here: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html
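As an added example (not written by anyone in this thread), a Filebeat configuration that mirrors the Logstash pipeline from the question. It assumes Filebeat 6.x syntax to match the 6.4 stack mentioned above; the timestamp regex is an approximation of the grok pattern in the question, and the `negate`/`match` values correspond to the two multiline settings that are commented out there.

```yaml
# /etc/filebeat/filebeat.yml -- illustrative example, not from the original thread.
# Assumes Filebeat 6.x (filebeat.inputs replaced filebeat.prospectors in 6.3).

filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/sample.log          # same file as in the Logstash input

    # Join continuation lines (for example Java stack traces) to the event
    # that starts with a timestamp. Filebeat takes plain regular expressions,
    # not grok, so this approximates ^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.
    multiline.pattern: '^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
    multiline.negate: true           # act on lines that do NOT match the pattern
    multiline.match: after           # append them to the preceding matching line
                                     # (Logstash: negate => true, what => "previous")

output.elasticsearch:
  hosts: ["localhost:9200"]
  index: "abc-%{+yyyy.MM.dd}"        # same index naming as the Logstash output
  # If authentication is enabled on the cluster, credentials are set here.
  # Both values below are placeholders.
  # username: "<filebeat-writer-user>"
  # password: "<password>"

# Filebeat 6.x requires these two settings whenever the default index
# name is overridden.
setup.template.name: "abc"
setup.template.pattern: "abc-*"
```

In Kibana, an index pattern of `abc-*` then has to exist before the events show up in Discover.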

Thank you David. I will refer to the link which you have provided. If I have any further doubts, I will contact you here.

If you have trouble with filebeat then I'd suggest you ask in #beats:filebeat instead. :hugs:
