Questions tagged [logstash]

logstash is a tool for collecting and distributing log events.

logstash is a free and open source tool (Apache 2.0 license) for managing events and logs. It can be used to collect and parse logs and to distribute them to other indexing systems. It has a web interface for searching and drilling into the logs.

260 questions
6
votes
3 answers

Logstash with journald instead of rsyslog

I'm used to sending my logs from a server to a remote Logstash using rsyslog, with a configuration file roughly as follows (usually more specific to prevent too many logs from being sent): *.* @192.168.5.5:5000 I'm now starting work on a server…
Loic Duros
  • 163
  • 1
  • 4
6
votes
2 answers

logstash alert after 1000 occurrences

I am trying to make Logstash alert me only after it receives over 1000 items within 10 minutes. I need alerts in both Hipchat and PagerDuty. My config seems reasonable, but does not work as expected. filter { if…
Sart
  • 63
  • 3
6
votes
2 answers

Sending Subversion logs to Logstash

My requirement is to send subversion logs (i.e. username, revision number...) to logstash for parsing (then store it in elastic search and finally display it via kibana). Since subversion uses its own file-based database (FSFS) and not a plain text file, I…
Prashant Lakhera
  • 713
  • 2
  • 10
  • 25
6
votes
4 answers

How to send Windows Performance counters to Logstash + Kibana?

I would like to set up monitoring for system resources on my Windows servers. I've noticed a common configuration in Linux is to use the collectd daemon to get system metrics information. From collectd, data can be read by logstash and ultimately put into…
angaran
  • 355
  • 2
  • 3
  • 11
6
votes
2 answers

How does an administrator generalize alerting when an event doesn't happen?

Often my users require me to be just as responsible for knowing if an event hasn't happened. I've always had to build custom and brittle solutions with cron'ed shell scripts and lots of date edge case testing. Centralized logging ought to allow…
Dan Garthwaite
  • 2,962
  • 1
  • 19
  • 31
5
votes
2 answers

How to forward application logs from Docker containers to ELK

I'm trying to centralise logging in an environment that is using multiple application technologies (Java, Rails and various DBs). We want developers to bring up stacks with Docker Compose, but we want them to refer to a central log source (ELK)…
Garreth McDaid
  • 3,449
  • 1
  • 27
  • 42
5
votes
2 answers

"Index Patterns: Please specify a default index pattern" in Kibana

I'm trying to create a simple hello world for ELK and be able to see kibana reports via the internet. I've installed kibana, logstash, nginx and elastic search. Here's my /etc/logstash/conf.d/10-syslog.conf: input { file { path => […
Dett
  • 53
  • 1
  • 4
5
votes
2 answers

Centos: yum install libevent-devel conflict with compat-libevent

I want to install Logstash and others, but when I try: # yum install libevent-devel I get the errors below: Transaction Check Error: file /usr/bin/event_rpcgen.py from install of libevent-devel-2.0.12-1.rhel6.i686 conflicts with file from…
user2253805
  • 51
  • 1
  • 1
  • 4
5
votes
6 answers

Logstash binding to a port already in use

This is the output when I try and run logstash. With Redis and ElasticSearch disabled it still says address already in use. Any suggestions? As far as I can tell this was fixed in 1.1.8 but I seem to still have this problem.…
David Neudorfer
  • 171
  • 3
  • 9
4
votes
3 answers

Logstash / Elasticsearch - transform fields to lowercase in output conf

I have a standard ELK stack currently storing numerous log outputs. I'm trying to separate my indices to be source-specific. As part of my FileBeats config, some standard fields are always generated as part of every message (and are…
m8r-3wo9bu
  • 41
  • 1
  • 2
4
votes
1 answer

Transparent Proxy to Docker Network Means TCP is Broken

My logging setup is a single Docker host with UDP 514 exposed for syslog. An nginx container has its port published so when you send logs to 10.1.1.100 (in the image below) it first hits nginx, whose config for transparent load balancing to…
armani
  • 420
  • 1
  • 9
  • 26
4
votes
4 answers

How to see if filebeat data is being sent to logstash

When I open up Kibana interface, I get an error to configure index when logstash-* is entered as a query: kibana error: please specify a default index pattern How can I see if filebeat is sending logs to logstash? I followed the filebeat and ELK…
Celi Manu
  • 161
  • 1
  • 1
  • 5
4
votes
1 answer

logstash-forward equivalent for fluentd?

Is there something equivalent to logstash-forwarder that can ship logfiles to fluentd? I am trying to send log files from an application to a remote fluentd but have not seen whether this is possible via an agent somehow. I understand that you can…
adamo
  • 6,925
  • 3
  • 30
  • 58
4
votes
3 answers

logstash: is there a way to view the complete running config when using multiple config files in /etc/logstash/conf.d?

I am running logstash 1.5.0.1 and I have multiple config files in my /etc/logstash/conf.d folder: 01-input-source-one.conf 02-input-source-two.conf 10-filter-one.conf 11-filter-two.conf 20-output-one.conf 21-output-two.conf After modifying a…
Peter M
  • 973
  • 2
  • 15
  • 27
4
votes
1 answer

Logstash/elasticsearch stops accepting new data

I've set up a new proof of concept logstash system CentOS 6.6 (on Vmware 5.5) - single CPU VM with 12G RAM allocated Elasticsearch and Logstash installed from RPMs … # rpm -q elasticsearch…
Paul Haldane
  • 4,517
  • 1
  • 21
  • 32