0

I am very new to the ELK stack and I am having some difficulty wrapping my head around it.

I have a test configuration under /etc/logstash/conf.d/test.conf that looks like this:

input {
    stdin { }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "test"
    }
    stdout { }
}

When I run sudo /opt/logstash/bin/logstash -f /etc/logstash/conf.d/test.conf I see the output in stdout in the following form: 2016-08-04T10:09:46.406Z myserver.local hello world, but I don't see it appear in Kibana.

I think I might have created the index wrong, as I am not 100% sure how to do it.

5
  • Tried your config. It created test index for me. Couldn't find anything wrong with your config. Commented Aug 4, 2016 at 10:57
  • @MrunalPagnis So was I right in presuming the index => "name_of_index" is the index name required by Kibana? Commented Aug 4, 2016 at 12:48
  • yes. That is right. Also you can check if index was created in elastic search by using this link in your browser localhost:9200/_cat/indices/?v. It will list all the indices and details. Commented Aug 4, 2016 at 12:52
  • @MrunalPagnis Thank you for your help. Just one more question: I have created another conf file (a duplicate of the other), but with a different port and index name. Even after restarting both ES and LS and running curl -XGET 'http://localhost:9200/_cat/indices/?v' I am not seeing the newly created index. How can I refresh the indices? Commented Aug 4, 2016 at 13:27
  • Your port number should match. It should be the standard 9200 port number for elasticsearch. Else make sure you add other port number to elastic search config. Because elasticsearch is only configured for 9200. Commented Aug 4, 2016 at 13:36

2 Answers

2

Summarizing the comments with some pointers into an answer as it solved your problem.

Using index => "test" is the correct way. You can also give a field value as index name using index => "%{fieldname}".

  1. Your config is correct. I have tested it and your config is correct. It is creating an index test in elasticsearch.
  2. You can check your index is created or not by listing all the indices present in elasticsearch by using localhost:9200/_cat/indices/?v in your browser.
  3. The port number which you give in your config should match the port number for which elasticsearch is configured. Giving a different port number without configuring in elasticsearch will not work. The default port number is 9200.
  4. You might also want to check if the port number you are using is already in use.
  5. If all of the above is verified and index is created in elasticsearch then you should be able to see it in kibana as well. Now you can go ahead and create the pattern in kibana with the index name test.
  6. As mentioned in @alpert's answer you should play around with the timepicker and adjust it to see the results.
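
The checks in the list above, as an added example that is not part of the original answer: it reads `hosts` and `index` from a Logstash config, compares the port with the one Elasticsearch listens on, and looks the index up in `_cat/indices?v` output. The second config's port and index name, the `_cat` sample and the function names are constructed for illustration.

```python
import re

# Constructed samples: the question's output block, a copy with a different port
# and index (values assumed), and ES 2.x-style `_cat/indices?v` output.
PAGE_CONF = 'output { elasticsearch { hosts => ["localhost:9200"] index => "test" } stdout { } }'
SECOND_CONF = PAGE_CONF.replace("9200", "9201").replace('"test"', '"test2"')
CAT_SAMPLE = """\
health status index   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   test      5   1          1            0      3.9kb          3.9kb
yellow open   .kibana   1   1          2            0      8.5kb          8.5kb
"""

def parse_es_output(conf):
    """Return (hosts, index) from a Logstash config's elasticsearch output."""
    start = re.search(r"elasticsearch\s*\{", conf)
    if not start:
        return [], None
    rest = conf[start.end():]
    hosts = re.search(r"hosts\s*=>\s*\[(.*?)\]", rest, re.S)
    index = re.search(r'index\s*=>\s*"([^"]+)"', rest)
    return (re.findall(r'"([^"]+)"', hosts.group(1)) if hosts else [],
            index.group(1) if index else None)

def parse_cat_indices(table):
    """Map index name -> row dict, using the header line for column names."""
    header, *rows = [line.split() for line in table.strip().splitlines()]
    # Rows with missing columns (e.g. closed indices) are skipped.
    return {r[header.index("index")]: dict(zip(header, r))
            for r in rows if len(r) == len(header)}

def diagnose(conf, cat_table, es_http_port=9200):
    """Return finding codes for the port and index checks from the answer."""
    hosts, index = parse_es_output(conf)
    findings = []
    for host in hosts:
        port = re.search(r":(\d+)$", host)
        if (int(port.group(1)) if port else 9200) != es_http_port:
            findings.append("port_mismatch")
    rows = parse_cat_indices(cat_table)
    if index is None or "%{" in index:
        findings.append("index_name_not_static")  # cannot be looked up by name
    elif index not in rows:
        findings.append("index_missing")
    elif int(rows[index]["docs.count"]) == 0:
        findings.append("index_empty")
    # No findings: the index exists and has documents, so widen Kibana's time range.
    return findings or ["ok_check_kibana_time_range"]
```
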

1

I guess you don't see anything because of your time interval that is at the top right of your browser. Maybe your document is older than that interval - it is usually Last 15 minutes. Change it to a bigger interval like Today etc.
