#logstash

ahh, cool. i'll give that a shot

i wasn't having luck with fields. or just [myfield]

yep yep, that did the trick.

thanks!

mike: ah, good.

I have a field, "dateUpdated": "2015-12-28T20:46:45.613Z" let's say the server time it's Tue Dec 29 07:33:46 UTC 2015, so now-1d/d should be 2015-12-28

When I do "gt" "now-1d" i get "dateUpdated": "2015-12-28T20:51:04.461Z" doing "gt" : "now-1d/d" i get no results, updating to "gte" : "now-1d/d" i get results.

Why doesn't "gt" "now-1/d" work?

how do i include 50 logfiles but one of them is not, but all match *.log

Good afternoon!

Can anyone assist with a logstash to kibana question?

I just installed the latest version of logstash 2.1.0 and kibana 4.3.1 and was able to test sending simple messages from logstash to elasticsearch which show up in the kibana interface. as soon as i switched to trying to process an actual log file it fails to display anything

this is my logstash.conf file http://pastebin.com/FTG4kiZY

I'm new to ELK/IRC but are you able to view the index your log files via ES api?

you can, not the best idea though

No I opened ES and went into the _search and could not see the indexes

it looks like it’s faiing to send the files over to ES with the current config and I can’t seem to figure out why

does stdout show it working?

with that config

just change the output to stdout {} ?

uncomment it

see if anything is making it through

I’ve also seen this error in the /var/log/logstash/logstash.log file

{:timestamp=>"2015-12-29T01:36:33.016000-0600", :message=>"The error reported is: \n pattern %{HOST:syslog_host} not defined"}

sorry, where am i looking for the stdout output?

ahh, well that won't help

i just uncommented those 2 lines and restarted logstash

you only need one of the stdouts

line 91 really

stdout log now shows attern %{HOST:syslog_host} not defined

*P

that would be defined in the file in /opt/logstash/patterns I believe

thought I had downloaded a grok pattern file that contained that already, let me check.

i’ve got it in there, i just restarted the logstash service again to make sure

found one issue. when trying to grab the pattern files from github it downloaded them as an html file instead of txt

trying to corret that and see if it helps

still no luck, but i’m not seeing the errors in the log file or stdout log anymore

does it take it a little while to index an rsyslog file maybe?