Questions tagged [logstash]

logstash is a tool for collecting and distributing log events.

logstash is a free and open source tool (Apache 2.0 license) for managing events and logs. It can be used to collect and parse logs and to distribute them to other indexing systems. It has a web interface for searching and drilling into the logs.

260 questions
1 vote, 1 answer

cannot validate certificate - doesn't contain any IP SAN

I am currently in the process of installing the ELK (ElasticSearch, LogStash & Kibana) stack. My ELK server IP address is 172.29.225.32. Elastic Search config is :: # ---------------------------------- Network ----------------------------------- # #…
Jason Stanley • 185 • 1 • 1 • 11
1 vote, 1 answer

Logstash multiline codec for Java stacktraces

The logstash documentation indicates that you can collapse the multiple indented lines in a Java stacktrace log entry into a single event using the multiline codec: https://www.elastic.co/guide/en/logstash/current/plugins-codecs-multiline.html input…
Garreth McDaid • 3,449 • 1 • 27 • 42
1 vote, 1 answer

Logstash Filter Conditional Not Getting Applied

I've got nxlog on my Windows servers shipping logs to Logstash (JSON-formatted). I want to clone off the security events to a SIEM, so I added the logic to catch certain Windows Event IDs: Even though the "Windows Event Log" tag gets applied (via…
armani • 420 • 1 • 9 • 26
1 vote, 0 answers

Logstash syslog filter not applying to logs?

I'm looking through some syslog log files in my ELK stack and noticed that all the syslog_severity fields are 'notice', when I can verify in the log files that they are not 'notice'. Seems like Logstash is defaulting syslog_severity to notice.…
Celi Manu • 161 • 1 • 1 • 5
1 vote, 0 answers

Logstash filter: syslog_pri always defaulting to notice?

I'm looking through some syslog log files in my ELK stack and noticed that all the syslog_severity fields are 'notice', when I can verify in the log files that they are not 'notice'. Seems like Logstash is defaulting syslog_severity to notice. I…
Celi Manu • 161 • 1 • 1 • 5
1 vote, 1 answer

Nested objects from MySQL to ElasticSearch

I am new to ES and trying to load data from MySQL to Elasticsearch using logstash jdbc. In my situation I want to use column values as field names. Please see new & hex in output data; I want 'id' values as field names. Mysql data cid id …
Manoj • 13 • 1 • 5
1 vote, 1 answer

Field/value extraction with ELK

I have an industrial system producing log files where some of the lines look like this: component1 v1 component2 v2 component3 v3 ... Where vx is a numerical value (eg. 3.14159). I'm running a super basic ELK stack and I would like to extract these…
Cedric H. • 159 • 1 • 8
1 vote, 1 answer

Logstash netflow plugin configuration error

I'm trying to use logstash to collect traffic information from VMware ESXi using the netflow plugin. I've installed the latest version of logstash and elasticsearch from www.elastic.co on Ubuntu 16.04.1 with openjdk 8 installed. I've created this…
tvs • 161 • 1 • 10
1 vote, 1 answer

How to run logstash-2.4.0

When I was trying ELK I installed logstash-2.4.0 and I wrote the log4j_to_es.conf. When I run ./bin/logstash agent -f config/log4j_to_es.conf I get an error. Settings: Default pipeline workers: 4 Pipeline aborted due to error…
blackdog • 113 • 1 • 5
1 vote, 0 answers

rsyslog forwarding log very slowly

I configured rsyslog to forward some logs to logstash via a UDP port. I am sending a lot of events to rsyslog. Rsyslog properly gets all of the events into its queue. But rsyslog is sending the events to logstash very slowly; logstash gets approximately 50 -…
Hilmi Esen • 11 • 2
1 vote, 2 answers

Kibana @timestamp mapping & filter

I'm using the following system/package: $ cat /etc/redhat-release CentOS Linux release 7.2.1511 (Core) $ rpm -q filebeat filebeat-1.3.0-1.x86_64 $ with /etc/filebeat/filebeat.yml: $ cat /etc/filebeat/filebeat.yml filebeat: prospectors: - …
alexus • 13,112 • 32 • 117 • 174
1 vote, 0 answers

Nginx remote access log

Actually, I have Nginx and Logstash installed on the same machine, and I want to separate them. I've installed Logstash on another machine. How can I store the Nginx access_log file on the second machine? Or how can I set a Logstash remote…
N.Khalifa • 11 • 1
1 vote, 0 answers

object mapping for [doc.awsRegion] tried to parse field [awsRegion] as object, but found a concrete value

I am using the Logstash Dynamodb Plugin to index data to be able to query it. Everything was running pretty smoothly, until one of my teammates started messing with the schema, and broke it. We can still index the data fine, however new data no longer…
user3521621 • 265 • 1 • 4 • 11
1 vote, 1 answer

Logstash - splitting an event into two based on objects in an included array

I'm working with logstash for the first time, and I'm trying to take JSON reports from amavisd-new in for searching and analysis. Amavisd-new is able to write the json logging to redis, and I have everything importing perfectly, and have started…
T. Johnson • 41 • 3
1 vote, 1 answer

Sending docker logs to logstash

I have a number of CoreOS servers on Amazon AWS and would like to collect events or logs from them and forward them onto my ELK stack provider logz.io. Being a little new to the ELK stack, I'm a little lost on how to best get the data out. It was…
hookenz • 14,472 • 23 • 88 • 143