Questions tagged [logstash]

logstash is a tool for collecting and distributing log events.

logstash is a free and open source tool (Apache 2.0 license) for managing events and logs. It can be used to collect and parse logs and distribute them to other indexing systems. It has a web interface for searching and drilling into the logs.

260 questions
3
votes
1 answer

Logstash output-http plugin error 500 when trying to send to slack webhook

I'm running a docker container with an ELK stack. Everything's working dandy and fine. I'd like to utilize the https://www.elastic.co/guide/en/logstash/current/plugins-outputs-http.html plugin. I install the plugin it: root@elk:/#…
Karl Morrison
3
votes
2 answers

How to add AWS ELB access logs to logstash with S3 input?

I'm using an ELK stack for server monitoring. My application's access logs which are from AWS ELB are stored in AWS S3. I am trying to add them to logstash with the following input: input { s3 { access_key_id => "my_id" secret_access_key…
apanagiotou
3
votes
1 answer

Parsing log4j log files with logstash

I am parsing multiline log4j logs with logstash and I've got the most curious problem. Here's an example of some related log entries: 2016-01-05 13:55:26,275 DEBUG [class] [thread] - bla 2016-01-05 13:55:26,275 DEBUG [class] [thread] -…
pour toi
3
votes
1 answer

Logstash integration with AWS Elasticsearch Service

I am using AWS Elasticsearch service to configure Elasticsearch Cluster and there is a separate server where I have installed Logstash 2.1.0. Here is my Logstash sample configuration file :- input { file { path =>…
3
votes
1 answer

Logstash - Graph IPv4 vs IPv6

I'm looking at starting to graph inbound connections to our various services (web, mail, dns etc) by IP version, ie IPv4 connections versus IPv6 connections. Currently the IPs are being stored in a single field. What's the best approach to…
Boden Garman
3
votes
1 answer

Logstash event @timestamp adjustment

I have standard Windows IIS log files with event date/time stamp information and timetaken (in milliseconds). I would like to be able to adjust the event time (@timestamp) by subtracting the "timetaken" to be able to record when the event started…
Guy
3
votes
2 answers

getting logs from systemd unit into flat files and logstash

I'm running an application under systemd within CentOS 7. It logs to stdout and systemd is capturing that into journalctl just fine. I'd like to also: get a rotated text log file also saved to the local filesystem for familiarity to our…
Peter Lyons
3
votes
1 answer

logstash timestamp on year rollover

We use logstash to store/search logs from our mail servers. I noticed today that we didn't have any indices from this year (2015). Quick investigation showed that current logs were being stored as 2014.01.05 (ie same day but last year) and these…
Paul Haldane
3
votes
3 answers

kibana: no indices error

None of the existing answers helped, so here is a new question. Use case: Redirecting syslog (or) monitoring static file. I have successfully installed logstash (1.4.2), elasticsearch (1.1.1) and kibana (3.0.1) but struggling to get rid of error No…
user3247463
3
votes
2 answers

Logstash Forwarder doesn't start up with chkconfig in CentOS 5

I have set up logstash-forwarder on a CentOS 5 machine installing it from this RPM: http://download.elasticsearch.org/logstash-forwarder/packages/logstash-forwarder-0.3.1-1.x86_64.rpm When I went through the process I found the init script provided…
Rumbles
3
votes
1 answer

Logstash-forwarder is throwing SSL errors

I got this task handed over to me by my colleague and this is the background. He got ELK (Elasticsearch, Logstash and Kibana) stack working with our RHEL 6.2 servers, by using the regular method of configuring the Logstash on the server and…
Sreeraj
3
votes
1 answer

Using Logstash as shipper?

We are shipping logs from servers and using THE logstash on each server for shipping. So we read logs from the glob "/root/Desktop/Logstash-Input/**/*_log". input { file{ path =>…
3
votes
1 answer

Windows Forward Events Missing User Data and Description

I have Subscription Events set to forward Windows Server 2008's Terminal Services/LocalSessionManager/Operational logs to another Windows Server 2008's Forward Events section. The Subscription Event is set with a HeartbeatInterval value of 300 (and…
3
votes
1 answer

Logstash Server Log File Flooded With "Failed to flush outgoing items" Error Messages

I'm new to Logstash, trying to get it running following the tutorial in "The Logstash Book". On page 44, the guide suggests to tail the Logstash process' main log file called central.log. After about 2 minutes of Logstash being started, the…
Josh
3
votes
1 answer

Failing forwarding rsyslog

I have a centralised rsyslog server A that receives a bunch of logs through TCP from servers X, Y, Z. It then stores the files on disk but also forwards them to logstash server B (on a different machine). For the relaying to the logstash server B I…
Arthur Lutz