Questions tagged [logstash]

Logstash is a tool for collecting and distributing log events.

Logstash is a free and open source tool (Apache 2.0 license) for managing events and logs. It can be used to collect and parse logs and to distribute them to other indexing systems. It has a web interface for searching and drilling into the logs.

260 questions
0
votes
2 answers

Logstash can't find JRuby

I downloaded it from https://www.elastic.co/downloads/logstash and tested it on CentOS 7.0. The JRE's version is 1.8.0_101. When I run ./bin/logstash agent -f config/log4j_to_es.conf it prints: Unable to find JRuby. If you are a user, this is a bug. If…
blackdog
0
votes
1 answer

Send logs to rsyslog and logstash on the same machine but avoid double sending of data

I have a situation where I want to receive UDP traffic on two different ports on the same machine (two different services) and would like to avoid double sending of data. So, this is the idea: (rsyslog client) ----(network)---> (10540 rsyslog and…
user373333
0
votes
1 answer

How to troubleshoot LogStash on Windows when there are no reported errors?

I'm setting up LogStash on Windows and made a test launch of logstash.bat from the console to see if it processes records from the log4net file. Here is what it reported, but I don't see any records in the target ES although there are records in the…
kirill_l
0
votes
1 answer

Logstash Grok Filter

I'm sure there is a simple solution to this, but I'm new to working with Logstash. The filter I'm trying to apply is for some firewall logs and I have a field that will either have a single or two values separated by a…
CCoombes83
0
votes
1 answer

Logstash issue matching a substring of custom field

I have the following Logstash setup. Logs are piped to Logstash from Logspout via the logspout-logstash adapter, which adds a few fields to log messages, namely the docker.image field. I am able to ingest the logs but am having trouble parsing them.…
jmreicha
0
votes
1 answer

Can I set up logstash with Windows-generated certs instead of openssl?

Going through this tutorial. They use openssl to generate certs to use with logstash, i.e. this command: sudo openssl req -subj '/CN=ELK_server_fqdn/' -x509 -days 3650 -batch -nodes -newkey rsa:2048 -keyout private/logstash-forwarder.key -out…
red888
0
votes
1 answer

How do I force a date/time format for traffic captured with tshark using "-T fields"?

I'm capturing traffic with tshark into a CSV file using "-T fields", but whatever I try I can't get a nice ISO date or even change the timezone to UTC. The command I'm using is tshark.exe -i 2 -c 1 -T fields -e frame.time This gives me Capturing…
lpacheco
0
votes
1 answer

Field type not being honored in Kibana/Elasticsearch

I'm using a logstash plug-in for a Java app using logback to forward logs on to my logstash server. I've set up a filter definition as follows: input { tcp { port => 2856 codec => json_lines } } filter { mutate { convert => { …
John S
0
votes
2 answers

Collectd --> Elasticsearch if remote-host can't connect to central elasticsearch

Goal Central storage and way to analyze performance numbers: cpu load ram usage ... Current strategy I would like to implement a setup like this: collectd logstash elasticsearch kibana Like explained…
guettli
0
votes
2 answers

Is it possible to pass logs to ELK stack via a ZeroMQ connection?

I have just started learning about the ELK stack. I know that Logstash can take input from several different sources via filebeat client and put that in ElasticSearch. Is it possible to pass log data to ELK via a ZeroMQ connection? Thanks
joes
0
votes
0 answers

F5 High Speed Logging and Logstash GROK

I'm trying to format logs straight from our F5 using HSL and Logstash. I've copied the example configuration exactly from the site as it contains the majority of the information I wanted logstash example My F5 is now outputting logs to my…
Dan
0
votes
0 answers

Sending PostgreSQL log data to Logstash using Packetbeat

I am trying to configure sending pgsql log data to elasticsearch. The architecture is like this: packetbeat -> logstash -> elasticsearch. After running packetbeat, logstash log says: :message "Beats Input: Remote connection closed",…
Kadir
0
votes
1 answer

Logstash conditional output to statsd - based on haproxy request URI

I have Logstash version 1.4.2 analysing haproxy logs using the HAPROXYHTTP pattern, and it is already sending counters and timing information to statsd for aggregation and onward storage in Graphite/Whisper. Now I would like to count the specific…
0
votes
1 answer

What is "io/console not supported; tty will not be manipulated"?

What is this message and how can I get rid of it? I am using ELK stack on Windows 8. Everything works just fine, but this message, which I get whenever I run logstash, buzzes me off. This is the complete output I get by running logstash on my…
Kobayashi
0
votes
1 answer

Logstash grok match pattern not working even though grok constructor says it is okay

I've been building some grok patterns to parse the /var/log/secure log file and everything has been working fine. I create the grok patterns at http://grokconstructor.appspot.com/ and even then test them at http://grokdebug.herokuapp.com/ and both…
OneTrueBob