Good Afternoon Elastic team. I have proof via packetbeat that my syslogs are flowing to my Logstash server. I can also netstat and confirm the ports are open and listening on the configured port. I have the following configured in my logstash.conf, inidicating what i want to have happen with my syslogs.
output {
elasticsearch {
hosts => ["ES_IP_ADD:9200"]
user => "ES_username"
password => "ES_user_pass"
}
stdout { codec => rubydebug }
}
When I run either a Trace or a Debug on my logstash I see the following:
[2021-11-09T14:36:22,761][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
14:36:22.395
logstash.log
[logstash.log][DEBUG] Compiled output P[output-elasticsearch{"hosts"=>["http://10.12.36.52:9200"], "index"=>"%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}", "user"=>"ES_Username", "password"=>"ES_User_pass"}|[file]/etc/logstash/conf.d/logstash-sample.conf:22:3:``` elasticsearch { hosts => ["http://1ES_IP_Add:9200"] index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" user => "ES_Username" password => "ES_User_password" } ```] into org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
14:36:22.395
logstash.log
[logstash.log][DEBUG] Compiled output P[output-elasticsearch{"hosts"=>["http://ES_IP_Add:9200"], "index"=>"%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}", "user"=>"ES_Username", "password"=>"ES_User_pass"}|[file]/etc/logstash/conf.d/logstash-sample.conf:22:3:``` elasticsearch { hosts => ["http://10.12.36.52:9200"] index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" user => "elastic" password => "m@rc0n12021" } ```] into org.logstash.config.ir.compiler.ComputeStepSyntaxElement@3fdc2b9c
When I run: http://ES_IP_ADD:9200/_cat/indices?v on my windows server I do not see anything that would indicate an inidex that would house my information.
If anyone can help with this it would be greatly appreciated. Thank you.