Hi Team,
I am new to ELK. I have been trying to parse my Fortigate firewall logs with my RegEx.
- I have Fortigate logs saved in my machine
- I have created a patterns directory in which I have my whole regex stuff
- I have my configuration file which has input which says the file should be read from so and so position and apply the filter grok which has the patterns directory location followed by my match sequence
- I have the output part which says the output should be printed CLI
Configuration test has been passed. I am unable to receive any output in my console. Please help me to resolve this.
Console Output:

```
logstash@ubuntu:/usr/share/logstash$ sudo bin/logstash -f /etc/logstash/conf.d/logstash1.conf
[sudo] password for logstash:
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2018-07-06 04:03:09.976 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2018-07-06 04:03:11.211 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.3.0"}
[INFO ] 2018-07-06 04:03:20.873 [Converge PipelineAction::Create] pipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>3, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[INFO ] 2018-07-06 04:03:22.157 [Converge PipelineAction::Create] pipeline - Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x1b7776cc run>"}
[INFO ] 2018-07-06 04:03:22.505 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2018-07-06 04:03:23.214 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9601}
```
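The pipeline the post describes (file input, grok with a patterns directory, stdout output), written out as an added example for debugging a "pipeline started but nothing printed" situation; it is not the poster's configuration. The log path, patterns directory, the `FORTI_PREFIX` pattern name and its definition are assumptions, and the pattern assumes each line starts at `date=` (no syslog priority prefix). The two file-input settings are the ones that most often explain a silent pipeline when the log file already exists on disk.

```conf
# Added example, not the original poster's config. Paths and pattern names are assumed.
input {
  file {
    path => "/home/logstash/fortigate/*.log"      # assumed location of the saved logs
    # Default start_position is "end": an existing file is only read for NEW
    # lines appended after startup, so a static, already-saved log yields nothing.
    start_position => "beginning"
    # The sincedb records how far each file was read across restarts; pointing it
    # at /dev/null makes every run re-read the file from the start (debugging only).
    sincedb_path => "/dev/null"
  }
}

filter {
  grok {
    patterns_dir => ["/etc/logstash/patterns"]    # assumed patterns directory
    # Assumed pattern file /etc/logstash/patterns/fortigate containing one line:
    #   FORTI_PREFIX date=%{YEAR:year}-%{MONTHNUM:month}-%{MONTHDAY:day} time=%{TIME:time} devname=%{HOSTNAME:devname} devid=%{NOTSPACE:devid} logid=%{NUMBER:logid} type=%{WORD:type} subtype=%{WORD:subtype} level=%{WORD:level}
    match => { "message" => "^%{FORTI_PREFIX} %{GREEDYDATA:kv_rest}" }
    # A line that does not match is not dropped: it is tagged _grokparsefailure,
    # so a pattern problem is still visible on stdout once events flow at all.
  }
  # The rest of a Fortigate line is key=value pairs (quoted values such as
  # msg="..." are kept whole); kv splits them into fields without more regex.
  kv {
    source => "kv_rest"
    field_split => " "
    value_split => "="
  }
}

output {
  stdout { codec => rubydebug }   # print every event, including failed matches
}
```

Run it with `bin/logstash -f <this file>`; if events now appear but carry the `_grokparsefailure` tag, the input side is fine and the problem is in the pattern.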