Questions tagged [logstash]

logstash is a tool for collecting and distributing log events.

logstash is a free and open source tool (Apache 2.0 license) for managing events and logs. It can be used to collect and parse logs and to distribute them to other indexing systems. It has a web interface for searching and drilling into the logs.

260 questions
2
votes
2 answers

Kibana 4, Logstash dashboard: how do I require Nginx authentication when saving but allow anonymous views?

I would like to require auth_basic nginx authentication to save all kibana 4 dashboards but allow anyone to view dashboards without authentication. I recently installed an ELK (Elasticsearch 1.4.5, Logstash 1:1.5.2-1, and Kibana 4.1.1) stack on…
Peter M
2
votes
1 answer

Bosun - Logstash Connectivity

I am in the process of tying up Bosun with my existing ELK setup. However after referring to the documents in Bosun I am not able to identify how exactly the connectivity works. Is it something like below? Logstash output for opentsdb --> Bosun or…
2
votes
0 answers

How to figure out why some characters go missing in rsyslog -> logstash pipeline

I am trying to figure out why some messages received by logstash have some text missing from them. I am sending the logs from an Untangle NGFW (11.0 - licensed) to logstash so that I can keep historical records of web filter logs etc. I first…
Rumbles
2
votes
1 answer

logstash multiline log for a mysql query

I'm looking to push logs from mysql-proxy lua's script into logstash. An example log might be [2015-03-09 11:13:47] USER:username IP:10.102.51.134:41420 DB:dbName Query: -- One Pager Trends -- params: SELECT date, SUM(t.rev) revenue, …
Mike
2
votes
1 answer

Logstash: Failed to flush outgoing items

First of all, I'm a total newbie to logstash. Despite the fact that I've managed to achieve some basic logging (trying to parse an apache log file without the built-in COMBINEDAPACHELOG). However, I ran stuck on the following error that gets spammed…
jonny8bit
2
votes
1 answer

How to include a server identifier in nxlog output and reference it in logstash

If I have nxlog running on multiple IIS servers (say web1, web2, web3, web4). How can I add an identifier to the nxlog output which is being sent to logstash. Then within logstash I want to create a custom index with the server identifier (ex…
Todd Smith
2
votes
1 answer

Sending logs to remote server with rsyslog

I'm trying to set up centralized logging with Logstash, Elasticsearch and Kibana and am having trouble getting logs to my log server. Logstash is listening on TCP 5000 and is successfully receiving logs from one of my servers but not the rest. I can…
Merch
2
votes
2 answers

Can I run elasticsearch on a single server?

I use elasticsearch as part of a Logstash stack, in which all of the components of the stack are installed on the same server. The purpose of this is to expose application logs to developers for debug purposes. I don't need to keep the indices…
Garreth McDaid
2
votes
1 answer

Logstash Groking Syslog Events

I have a logstash server sending events to an elasticsearch server that is displaying the results in Kibana. Everything is working pretty good, other than Kibana is showing 2 names in the host field. I am using the following grok filter in…
Eric
2
votes
0 answers

Why logstash multiline filter is not matching the logs?

I am sending logs to logstash using beaver. These logs are multiline in nature so I am using multiline filter but somehow the filter is not able to match the log. There are no errors in the output of the logstash. Here is what I see in…
Aditya Patawari
2
votes
1 answer

Fixing severity on graylog2 web interface

I am using logstash to collect logs from a group of webapps and send them to graylog2 for centralized viewing. I have the following filter for tokenizing: grok { type => "webapps" pattern => "^%{TIME:timestamp}…
Lee Lowder
2
votes
2 answers

Graphite is plotting increments from Logstash in float

I was trying to mimic this logstash.net/docs/1.1.0/tutorials/metrics-from-logs I have following setup nginx(app server) ==sends the increment==>Etsy statsD=====>Graphite This setup is working fine since graph is being plotted just fine but not…
kaji
2
votes
1 answer

rsyslog is not forwarding logs to elasticsearch

I'm trying to configure rsyslog to send logs to logstash and then forward them to elasticsearch. I have created a config file /etc/rsyslog.d/60-output.conf with the following content: *.* @localhost:10514;json-template and a template file…
Croviajo
2
votes
1 answer

Repair logstash checkpoint file

We had an OutOfMemoryException in our logstash 5.6.6 which led to the checkpoint.head file not to be written properly: ls -l /var/lib/logstash/queue/main/ total 266424 -rw-r--r-- 1 logstash logstash 34 Mar 1 20:33…
Dero
1
vote
0 answers

init: logstash main process (19281) terminated with status 1

I run Amazon Linux instance with logstash 6.4.0. [root@****** dragan]# cat /etc/issue Amazon Linux AMI release 2017.03 I wanted to upgrade logstash so I uninstalled 6.4.0 and tried to install 7.3.2. I got an error so I decided to roll back and then…
mudricd