Hi
ELK (Elasticsearch, Logstash, Kibana) on 192.168.199.131
Filebeat on 192.168.199.145
In 192.168.199.131:
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 68352/java
tcp6 0 0 ::1:9200 :::* LISTEN 68352/java
firewalld disabled
In /etc/logstash/conf.d/input.conf
input {
  beats {
    port => 5044
  }
}
In etc/logstash/conf.d/ouput.conf
output {
  elasticsearch {
    hosts => "localhost:9200"
    index => "postfix-%{+YYYY.MM.dd}"
  }
  #stdout { codec => rubydebug }
}
In etc/logstash/conf.d/filter.conf
filter {
  if [type] == "postfix" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP} %{SYSLOGHOST} %{DATA:program}(?:\[%{POSINT}\])?: %{GREEDYDATA:message}"" }
    }
  }
On filebeat
/etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/maillog*
output.logstash:
  hosts: ["192.168.199.131:5044"]
xpack.monitoring:
  enabled: true
  elasticsearch:
    hosts: ["http://192.168.199.131:9200"]
But there are no indexes in Kibana => parent index.
Any help?
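
An added example, not part of the original post: a small Python check that parses the LISTEN lines quoted above and classifies each endpoint from the posted Logstash and Filebeat settings by whether a matching socket is bound. The function names and status strings are illustrative, and a wildcard bind is assumed to accept both IPv4 and IPv6.

```python
import ipaddress
from urllib.parse import urlsplit

# LISTEN lines copied from the post (socket listing on 192.168.199.131).
NETSTAT = """\
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 68352/java
tcp6 0 0 ::1:9200 :::* LISTEN 68352/java
"""

# Endpoints copied from the posted configs: (which setting, where it points).
ENDPOINTS = [
    ("logstash output (same host)", "localhost:9200"),
    ("filebeat output.logstash", "192.168.199.131:5044"),
    ("filebeat xpack.monitoring", "http://192.168.199.131:9200"),
]

def parse_listeners(text):
    """Return [(bind_address, port)] for every LISTEN row of netstat-style text."""
    found = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 6 and cols[5] == "LISTEN":
            # rpartition splits on the last colon, so ::1:9200 gives ('::1', '9200').
            host, _, port = cols[3].rpartition(":")
            host = "0.0.0.0" if host in ("", "*") else host
            found.append((ipaddress.ip_address(host), int(port)))
    return found

def check(listeners, endpoint):
    """Classify endpoint as ok / loopback-only / other-address / not-in-listing."""
    url = urlsplit(endpoint if "//" in endpoint else "//" + endpoint)
    host = "127.0.0.1" if url.hostname == "localhost" else url.hostname
    target = ipaddress.ip_address(host)
    bound = [addr for addr, port in listeners if port == url.port]
    if not bound:
        return "not-in-listing"   # the pasted listing has no row for this port
    for addr in bound:
        # Assumption: a wildcard bind (0.0.0.0 or ::) accepts IPv4 and IPv6.
        if addr.is_unspecified or addr == target:
            return "ok"
        if addr.is_loopback and target.is_loopback:
            return "ok"
    return "loopback-only" if all(a.is_loopback for a in bound) else "other-address"

def report(netstat_text=NETSTAT, endpoints=ENDPOINTS):
    """Map each configured endpoint to its status against the listing."""
    listeners = parse_listeners(netstat_text)
    return {name: check(listeners, ep) for name, ep in endpoints}

if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name:30} {status}")
```

A `loopback-only` result for port 9200 means only processes on 192.168.199.131 itself can connect to Elasticsearch, which is its default bind; `not-in-listing` only says the pasted output has no row for that port.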