We are not receiving the log from kafka to logstash

saravananveera · July 16, 2020, 1:52pm

Hi
I have received the logs from beat to Kafaka, but i can't able to receive logs from kafka to logstash .

Kafka log:

[root@ip kafka]# bin/kafka-console-consumer.sh --bootstrap-server localhost:9092 --topic sscplblogs

{"@timestamp":"2020-07-16T13:47:30.090Z","@metadata":{"beat":"filebeat","type":"doc","version":"6.3.2","topic":"sscplblogs"},"offset":336188123,"source":"/var/log/nginx/test-live.com/ssl-access.log","tags":["PLAYER LB"],"input":{"type":"log"},"fields":{"log_topics":"sscplblogs"},"beat":{"name":"PL-LB-14-36","hostname":"lb-p1l1.com","version":"6.3.2"},"host":{"name":"PL-LB-14-36"},"message":"[16/Jul/2020:13:47:29 +0000] 219.68.172.199 - test-live.com : 178.20.18.48:8443 : POST /member/Config.jsp HTTP/1.0 - upstream_response_time : 1.040 - msec: 1594907249.291 - request_time : 1.206 - upstream_connect_time : 0.002 - upstream_status: 200 - user_agent: Mozilla/5.0 (Linux; Android 9; Redmi Note 7 Pro Build/PKQ1.181203.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36--clientip:106.217.32.109","prospector":{"type":"log"}}

These log i can't able to receive from logstash.

Logstash conf:

input {
kafka {
bootstrap_servers =>["localhost:9092"]
topics => ["sscplblogs"]
codec => "json"
add_field => { "ssclogz" => "sscplblogz" }
}
}

output {

if [ssclogz] == "sscplblogz" {
elasticsearch {
hosts => ["localhost:9200"]
index => "sscplblogs-%{+YYYY.MM.dd}"
}
file {
path => "/var/log/logstash/sscplblogs.log"
}
}
}

aaron_nimocks · July 16, 2020, 3:14pm

I'd try this first. If you get an output then you are getting data.

output {
   stdout { }
}

If the above works try to change your conditional statement to below.

if [kafka][topic] = "sscplblogs" {
   elasticsearch {
      hosts => ["localhost:9200"]
      index => "sscplblogs-%{+YYYY.MM.dd}"
   }
   file {
      path => "/var/log/logstash/sscplblogs.log"
   }
}

saravananveera · July 17, 2020, 2:07pm

Hi @aaron_nimocks

Thanks for the reply, I have fixed this issues, Now i have face the issues with index creating in kibana.
Provided the index got created in Elastic search.
Kibana lists down the index from elastick search. But when creating the index-pattern hitting below error.

"Could not locate that index-pattern (id: false), click here to re-create it"

saravananveera · July 18, 2020, 5:08am

Hi team,

Please fine the below logs

api/saved_objects/index-pattern 403 (Forbidden)

Selection_534

system · August 15, 2020, 5:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash doesn't receive logs from kafka (filebeat transfer logs to kafka) Beats filebeat	16	3252	September 16, 2022
Unable to push messages to Kafka streams Logstash	6	269	August 12, 2022
Logstash not reading message from Kafka Logstash	1	907	July 10, 2017
Problem with sending logs from filebeat to logstash when I add kafka to pipeline Beats filebeat	3	514	December 3, 2020
Unable to get Logstash to read from kafka input Logstash	4	3017	May 12, 2017

We are not receiving the log from kafka to logstash

Related topics