What is my "index patter"?

Christian_Dahlqvist · July 21, 2017, 1:49pm

That is just the internal Kibana index. If that is all you see, you have no data in the cluster to visualise, so you will not be able to define any index pattern in Kibana as no mappings for that pattern can be found.

If you index some data and are able to see some other index when you run _cat/shards you should be able to create an index pattern and explore that data.

hack3rcon · July 22, 2017, 5:38am

Honestly, I can't understand you mean. I just want to see the Windows OS Event Logs via ELK. Is my configuration wrong?

Christian_Dahlqvist · July 22, 2017, 7:34am

If the Kibana index is the only index in the cluster, there are no event logs being indexed that you can visualise.

hack3rcon · July 22, 2017, 12:02pm

What is my option? Can you provide any help? My logs collected via Syslog-ng and stored on my server but how can I display it?

Christian_Dahlqvist · July 22, 2017, 12:14pm

You will need to index them into Elasticsearch. For this you can use Filebeat and/or Logstash. The Logstash config you provided in your initial post seem to be taken from some outdated guide, as the options have since changed, so it is better to start based on the official documentation.

hack3rcon · July 22, 2017, 1:09pm

Thank you.
Is Filebeat mandatory? If possible I just need Logstash.
Can you correct my Logstash config file?

Thank you.

Christian_Dahlqvist · July 22, 2017, 3:40pm

You can do it with just Logstash using a file input plugin.

hack3rcon · July 23, 2017, 5:32am

File input plugin? How?

hack3rcon · July 30, 2017, 5:39am

Any help?

Christian_Dahlqvist · July 30, 2017, 6:59am

You had a Logstash config in your first post, where I pointed out some errors in the Elasticsearch output section. This seems to be a good starting point. Have you had a look at the documentation? What have you tried since? Where are you having issues?

hack3rcon · July 30, 2017, 2:42pm

As you see I corrected Elasticsearch config and posted it here. About Logstash, I removed my config and used default config of Logstash but not worked.
I don't know what is my problem is

hack3rcon · August 12, 2017, 1:46pm

Hello.
I see something below in documents:

input {
    beats {
        port => "5043"
    }
}
output {
    elasticsearch {
        hosts => [ "localhost:9200" ]
    }
}

I can't understand what is "beats" ? How about "first-pipeline.conf " file? My input is a file not anything. How can I introduce a file as input?

Any idea?

Thank you.

system · September 9, 2017, 1:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.