Unable to parse files to logstash

Shaswata_Bisi · October 27, 2017, 6:02am

hi. I am new to elastic search. I tried to send log files through file beat into the logstash but I am not getting any outcome in the console. my configuration file is as follows

input {
beats {
host => "10.53.56.98"

The port to listen on

port => "5044"

	# The paths to your ssl cert and key
	#ssl_certificate => "D:/ELK stack with OS metrics/sslnew/lumberjack.crt"
	#ssl_key => "D:/ELK stack with OS metrics/sslnew/lumberjack.key"

	# Set this to whatever you want.
	#type => "osmetrics"

}
}

filter {

csv {
separator => ","
columns => ["Timestamp",
"Memory-% Committed Bytes In Use",
"Memory-Available Bytes",
"Memory-Available KBytes",
"Memory-Available MBytes",
"Memory-Page Faults/sec",
"Memory-Free System Page Table Entries",
"PhysicalDisk(_Total)-Avg. Disk Bytes/Read",
"PhysicalDisk(_Total)-Avg. Disk Bytes/Write",
"PhysicalDisk(_Total)-Current Disk Queue Length",
"PhysicalDisk(_Total)-Disk Read Bytes/sec",
"PhysicalDisk(_Total)-Disk Write Bytes/sec",
"Process(_Total)-% Processor Time",
"Process(_Total)-% User Time",
"Process(_Total)-ID Process",
"Process(_Total)-Thread Count",
"Process(_Total)-Working Set",
"Process(_Total)-IO Read Bytes/sec",
"Process(_Total)-IO Write Bytes/sec",
"Processor(_Total)-% Idle Time",
"Processor(_Total)-% Processor Time",
"Processor(_Total)-% User Time"]
}

#if [host] == "INHYICBIVM005"{

mutate {
update => { "host" => "Informatica_Server" }
}
#}
#if [host] == "INHYICBIVM003"{

mutate {
update => { "host" => "Datastage_Server" }
}
#}
#if [host] == "INHYICBIVM008"{

mutate {
update => { "host" => "Qlikview_Server" }
}
#}
#if [host] == "INHYICBIVM011"{

mutate {
update => { "host" => "SSIS_SSRS_Server" }
}
#}
}

output {
elasticsearch {
hosts=> ["10.53.56.98:9200"]
index => systemosmetricsindex
}
stdout{codec => rubydebug }
}

Can you please tell me what is the error ?

magnusbaeck · October 27, 2017, 9:48am

host => "10.53.56.98"

What address is this?

Shaswata_Bisi · October 27, 2017, 10:36am

This is the localhost ip address

steffens · October 27, 2017, 2:02pm

Please format logs and configuration files using the </> button. This helps in reading/understanding your configuration.

Start with a very minimal logstash configuration sending to stdout only. No Elasticsearch and no filters...

Also have a look at Filebeat/Logstash logs! Without logs I can't tell any problems.

Also share your filebeat configuration.

Why do you bind logstash to one single device? Is filebeat on remote host or localhost as well?

Shaswata_Bisi · October 30, 2017, 7:12am

I started minimal logstash configuration and with each working step, i kept on modifying the config file and then it finally worked. thanks a lot

system · November 17, 2017, 6:02am

This topic was automatically closed after 21 days. New replies are no longer allowed.