Hi,
i'am trying to use the apache ECS dashboards, but the panels only display "No results found".
Heres my setup: Webserver (with Filebeat and apache module enabled) --> Logstash (with multiple inputs and outputs ) --> Elastisearch --> Kibana
Please help :S
My configurations:
filebeat.yml
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["172.22.64.62:5044"]
logstash.conf
############## INPUT
input {
# alle system logs
beats {
port => 5544
type => syslog
}
# alle apache logs
beats {
port => 5044
type => apache
}
# alle netflow logs
beats {
port => 2255
type => netflow
}
}
############## FILTER
filter {
}
############## OUTPUT
output {
if [type] == "netflow" {
elasticsearch {
hosts => ["172.22.64.63:9200"]
pipeline => "%{[@metadata][pipeline]}"
user => xxxxx
password => xxxxx
index => "logstash-netflow-%{+YYYY.MM.dd}"
}
}
if [type] == "syslog" {
elasticsearch {
hosts => ["172.22.64.63:9200"]
user => xxxxx
password => xxxxx
index => "logstash-syslog-%{+YYYY.MM.dd}"
}
}
if [type] == "apache" {
elasticsearch {
hosts => ["172.22.64.63:9200"]
pipeline => "%{[@metadata][pipeline]}"
user => xxxxx
password => xxxxx
index => "logstash-apache-%{+YYYY.MM.dd}"
}
}
}
It seems like that something went wrong in the logstash config.
When i use the elasticsearch output in the filebeat from the webserver, everything works fine.
thanks in advance