Using Filebeat modules and logstash conf

Hi,

i'am trying to use the apache ECS dashboards, but the panels only display "No results found".

Heres my setup: Webserver (with Filebeat and apache module enabled) --> Logstash (with multiple inputs and outputs ) --> Elastisearch --> Kibana

Please help :S

My configurations:
filebeat.yml
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["172.22.64.62:5044"]

logstash.conf
############## INPUT
input {

# alle system logs
beats {
  port => 5544
  type => syslog
}

# alle apache logs
beats {
  port => 5044
  type => apache
}

# alle netflow logs
beats {
  port => 2255
  type => netflow
}

}

############## FILTER

filter {
}

############## OUTPUT

output {

if [type] == "netflow" {
elasticsearch {
hosts => ["172.22.64.63:9200"]
pipeline => "%{[@metadata][pipeline]}"
user => xxxxx
password => xxxxx
index => "logstash-netflow-%{+YYYY.MM.dd}"
}
}

if [type] == "syslog" {
elasticsearch {
hosts => ["172.22.64.63:9200"]
user => xxxxx
password => xxxxx
index => "logstash-syslog-%{+YYYY.MM.dd}"
}
}

if [type] == "apache" {
  elasticsearch {
    hosts => ["172.22.64.63:9200"]
    pipeline => "%{[@metadata][pipeline]}"
    user => xxxxx
    password => xxxxx
    index => "logstash-apache-%{+YYYY.MM.dd}"
   }
}

}

It seems like that something went wrong in the logstash config.
When i use the elasticsearch output in the filebeat from the webserver, everything works fine.

thanks in advance

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.