Hi,
I am using filebeat -> logstash -> elasticsearch with version 6.8.2 and Graylog 3.1.4. My filebeat collects data from the catalina.out log file and sends it to logstash, then elasticsearch. I am not able to get logs in graylog. What should I do? Please help me.
Can you see traffic in the IN/OUT box in the top right corner?
What about the System/Input option?
You can't send data directly to Elastic; you need to send it to a graylog input of type beat, so set up the logstash output and point it to the graylog input.
No, I am not able to see traffic in IN/OUT.
filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/share/filebeat/mylog/apache-tomcat-9.0.36/logs/catalina.out
output.logstash:
  hosts: ["logstash:5044"]
  # loadbalance is an output.logstash setting, so it belongs here
  loadbalance: true
logstash.conf
input {
  beats {
    port => 5044
  }
}
filter {
  json {
    source => "message"
  }
  date {
    match => ["timestamp", "UNIX_MS"]
    target => "@timestamp"
  }
  ruby {
    code => "event.set('indexDay', event.get('[@timestamp]').time.localtime('+09:00').strftime('%Y%m%d'))"
  }
}
output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    # user/password are settings of the elasticsearch output, not filter plugins
    user => "elastic"
    password => "elastic"
    template => "/usr/share/logstash/templates/logstash.template.json"
    template_name => "logstash"
    template_overwrite => true
    index => "logstash-%{indexDay}"
    codec => json
  }
  stdout {
    codec => rubydebug
  }
}
I want to send logs from filebeat to graylog directly or using logstash.
…
How are you deploying graylog? With docker? If not, you need to configure the correct host or IP here.
output.logstash:
  hosts: ["logstash:5044"]
Also, you can check whether your services are running and whether you can reach them using telnet, ping, or nslookup.
ping logstash
telnet elasticsearch 9200
And it is really important to check the filebeat logs, usually located in /var/log/filebeat.
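The reachability checks suggested in the reply above (ping, telnet, nslookup), combined into one script, as an added example that is not part of the original thread: it pulls the host:port pairs out of the `hosts` settings quoted in this thread and reports whether each hop fails at name resolution or at the TCP connection. The function names and the sample config text are constructed for illustration.

```python
import re
import socket

# Constructed sample: the output sections of the two configs quoted in this thread.
SAMPLE_CONFIG = '''
output.logstash:
  hosts: ["logstash:5044"]
elasticsearch {
  hosts => ["elasticsearch:9200"]
}
'''

def extract_endpoints(text):
    """Return (host, port) pairs from `hosts: [...]` (YAML) and `hosts => [...]` (Logstash)."""
    endpoints = []
    for hosts_list in re.findall(r'hosts\s*(?::|=>)\s*\[([^\]]*)\]', text):
        for host, port in re.findall(r'"([^":\s]+):(\d+)"', hosts_list):
            endpoints.append((host, int(port)))
    return endpoints

def check_endpoint(host, port, timeout=3.0):
    """Classify an endpoint as 'dns_failure', 'refused', 'timeout', 'unreachable' or 'open'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"        # the name does not resolve (what nslookup would show)
    result = "unreachable"
    for family, socktype, proto, _, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return "open"       # something is listening (what telnet would show)
            except ConnectionRefusedError:
                result = "refused"  # host is up, but nothing listens on that port
            except socket.timeout:
                result = "timeout"  # packets dropped: firewall or wrong network
            except OSError:
                pass                # e.g. no route to host; try the next address
    return result

if __name__ == "__main__":
    for host, port in extract_endpoints(SAMPLE_CONFIG):
        print(f"{host}:{port} -> {check_endpoint(host, port)}")
```

Run it from the filebeat host (or inside its container), since that is where the names `logstash` and `elasticsearch` have to resolve.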