Questions tagged [logstash]

logstash is a tool for collecting and distributing log events.

Logstash is a free and open source tool (Apache 2.0 license) for managing events and logs. It can be used to collect and parse logs and to distribute them to other indexing systems. It has a web interface for searching and drilling into the logs.

260 questions
0 votes, 1 answer

Logstash tcp input not passed to elasticsearch

After successfully setting up ELK with file inputs, logstash-forwarder and seeing logs in Kibana flow from a few servers, I have attempted to set up a TCP input: tcp { codec => "json" host => "localhost" port => 9250 tags =>…
Chris
0 votes, 1 answer

Logstash matching ceph client and server separation

So I have a fresh logstash install and I am trying to deploy logstash to get a handle on the logs. I am going through and will eventually segment the logstash filters based on subsystem and currently I am working on parsing osd logs. Here is a…
Lookcrabs
0 votes, 1 answer

Zabbix Log alerting through Logstash

I have a problem with Zabbix and logstash alerts. I am currently sending logstash logs that are errors or warnings to zabbix via their plugin. However, on Zabbix, I want to create a trigger for the data being sent. Currently I have something like…
Nvasion
0 votes, 1 answer

ESX performance stats in Logstash

Does anyone know if it is possible to collect ESX Performance Stats in LogStash/ELK stack? Looking to see if I can collect ESXTOP data for use in the ELK stack.
TechGuyTJ
0 votes, 1 answer

Can't get logstash to work with upstart script

I've installed logstash on my headless server but I'm having a few problems getting it to work from the upstart script with sudo service logstash start. This is the output I get from /var/log/logstash/logstash.log is here but I can't see anything…
Sonoman
0 votes, 1 answer

IIS 7, LogStash and flushing IIS logs

I'm using LogStash to import IIS logs into ElasticSearch. It's done by pointing the LogStash to the folder with IIS logs which contains several log files each per day. Currently I don't use the LogStash forwarder (not sure if it change…
Kamarey
0 votes, 1 answer

Logstash forwarder read error looking for ack: EOF

I am receiving this error message every time logstash-forwarder has a new log to ship. Eventually the connection gets made and logstash-forwarder output confirms that the events have been processed but I was hoping that there could be a way to resolve…
jmreicha
0 votes, 1 answer

Why doesn't logstash grab or index the files from the mapped drive?

I don't understand why logstash is so finicky with network resources. I shared a folder on another machine and then mapped it as Z: under Windows Explorer. I've verified the path and everything. I can get logstash (with ELK stack) to input local…
0 votes, 1 answer

Statistical information regarding scaling ElasticSearch

I have a set-up with several Logstash nodes sending input to ElasticSearch, and have a kibana server which allows me to visualize this. The current infrastructure is pretty simplistic and is on single node machines. We are looking to scale it out to…
tsar2512
0 votes, 0 answers

Logstash from RPM fails to run under nice command

I downloaded the Logstash RPM logtsash-1.4.2-1_2c0f5a1.noarch from the official site, but have been having problems getting it to run from the init script. I get no log data passed to Elasticsearch/Kibana unless I change the nice value (LS_NICE…
RCross
0 votes, 1 answer

RSyslog sends logs to logstash with host as IP not FQDN

I am having an issue. I am trying to send apache/nginx logs to logstash server. The problem is that rsyslog sends host as IP not the server's FQDN. Solutions that I have tried: PreserveFQDN on (did not help) Add FQDN to hosts file and enable…
cr0c
0 votes, 1 answer

Numerical range in Kibana 3 not working

My tomcat access logs have last field as "%D - Time taken to process the request, in millis". I am trying to filter the logs which took more than some number of milliseconds, but it is showing all the logs as a result, I am trying as per lucene…
Deepak Deore
0 votes, 1 answer

Inputting bulk logs in Logstash (stored in different folders) using the "file" plugin without specifying individual filters

So I have a question about the basic functionality of logstash. I have many different .L01 files which I have exported into log files. Each .L01 file represents a host and the export function dumps it into a folder-tree. I need to read the logs from…
shruti gupta
0 votes, 2 answers

Correlating data within Kibana

I'm looking at aggregating data within the whole ELK stack (Elasticsearch/Logstash/Kibana) and I'm getting lots of good data from my Windows systems. It's working very well, but when I get Windows Security Events, I would like to correlate windows…
Steve Butler
0 votes, 0 answers

Output Logstash to Elasticsearch cluster

I have multiple EC2 instances running Logstash and Elasticsearch. I'd like to output everything into ES cluster. output { stdout { debug => true debug_format => "json" } elasticsearch { cluster => "elasticsearch" …
Bastien974