Highest Voted 'elk' Questions - Server Fault Stack Exchange

1

vote

2 answers

Line breaks in PHP's stack trace in nginx error logs disturbing logstash analysis

I am using nginx with PHP-FPM and ELK as log file analysis. When a PHP script causes an error the interpreter the error will be send back to nginx and nginx puts the error into the error.log file. Problem is: Sometimes those error logs contains…

asked Apr 18 '19 at 08:11

n.r.

249
1
2
10

1

vote

1 answer

Retrieve pfSense/freeBSD logs with elk

I am attempting to centralize logs from different systems. I installed the Elastick Stack (Elasticsearch, Logstash, Kibana) and WAZUH OSSEC on one server (named elk). I have installed the OSSEC agent on three ubuntu server and I am able to check…

syslog logstash ossec elk

asked Apr 25 '18 at 10:04

eli0T

120
11

1

vote

1 answer

Auto delete elasticsearch data older than 30 days

I have setup a ELK stack to collect logs at central server. It is working perfectly. But by default it is holding elasticsearch index/data permanently. We just want to maintain the data for 30Days. Please anyone point me how to delete indexs/data…

ubuntu-14.04 elasticsearch logstash kibana elk

asked Oct 20 '17 at 08:49

Sunil Bhoi

189
1
1
9

1

vote

1 answer

cannot validate certificate - doesn't contain any IP SAN

I am currently in the process of installing ELK ( ElastricSearch, LogStash & Kibana) stack. My ELK server IP address is 172.29.225.32. Elastic Search config is :: # ---------------------------------- Network ----------------------------------- # #…

openssl elasticsearch logstash elk filebeat

asked Jun 09 '17 at 13:52

Jason Stanley

185
1
11

1

vote

0 answers

Logstash syslog filter not applying to logs?

I'm looking through some syslog logs files in my ELK stack and noticed that all the syslog_severity fields are 'notice', when I can verify in the log files that they are not 'notice'. Seems like Logstash is defaulting syslog_severity to notice.…

syslog logstash filter elk grok

asked Feb 07 '17 at 22:57

Celi Manu

161
1
1
5

1

vote

0 answers

Logstash filter: syslog_pri always defaulting to notice?

I'm looking through some syslog logs files in my ELK stack and noticed that all the syslog_severity fields are 'notice', when I can verify in the log files that they are not 'notice'. Seems like Logstash is defaulting syslog_severity to notice. I…

logging syslog logstash filter elk

asked Feb 07 '17 at 16:21

Celi Manu

161
1
1
5

1

vote

1 answer

Using ELK X-pack for general purpose alerts and alarms

The X-pack package from Elastic is fully integrated with Elasticsearch and Kibana to provide (among other things) an alarm reporting platform. I believe that the regular use case is to build that from Kibana, with alarms as the results of particular…

elasticsearch kibana elk

asked Oct 29 '16 at 12:26

Cedric H.

159
1
8

1

vote

0 answers

How does Docker Daemon handle large log output?

I have a number of server applications running in Docker. The output is configured to go to an elk stack. I've had a number of troubles with the elk stack and am considering going back to vanilla Docker logging. My concern is scalability. My…

logging docker elk

asked Oct 08 '16 at 06:40

Hawkeye

2,669
9
30
34

1

vote

1 answer

elastic's snapshot and restore module repository_exception

I'm using elk-docker and trying to follow Snapshot And Restore | Elasticsearch Reference [2.4] | Elastic and getting following error: # curl --request PUT --data '{ "type": "fs", "settings": {"compress": true, "location":…

snapshot elasticsearch elk

asked Sep 25 '16 at 19:01

alexus

12,342
27
115
173

1

vote

0 answers

Visualize multiline ruby exceptions in kibana 4

I have setup the latest version of Kibana4 ElasticSearch stack. The logs are being pooled from remote app sources which are running on Ruby. I want to search for Multi Line exceptions created by ruby. Is there a way in kibana where we can search…

ruby-on-rails elasticsearch logstash kibana elk

asked Jan 28 '16 at 13:12

Swapnil jaiswal

111
5

1

vote

0 answers

Filebeat and downstream availability

I read here and there that a broker (like Redis) might not be required in the log pipeline (typically ELK) when Filebeat is used. From Filebeat's official page: [Filebeat] is intelligent enough to deal with [...] the temporary unavailability of…

logging elasticsearch elk

asked Dec 23 '15 at 09:42

Maxim Gueivandov

83
1
9

1

vote

2 answers

Passing JSON application log to remote LogStash via NXLog on Windows

I have been trying to pass logs from a windows application which are already formatted in JSON to logstash via NXlog. When I have NXLOG send the file to Logstash, I get blasted with errors in the logstash.log: :message=>"An error occurred. Closing…

logstash json nxlog elk

asked Apr 26 '15 at 00:45

Noobixide

126
1
13

0

votes

0 answers

ELK - Logstash not picking up syslog events

I'm setting up a ELK cluster using Centos 8 and version 7.4 of Elasticsearch, Logstash and Kibana. My issue is with Logstash not picking up the events coming through syslog. Configuring Logstash to read from files and sending it to elasticsearch it…

linux centos elasticsearch logstash elk

asked Nov 20 '19 at 11:43

Adonist

267
2
9

0

votes

1 answer

logstash not able to upload data to elasticsearch even the pipeline started

I am using elasticsearch 7.1.1 and logstash 7.1.1. I am trying to upload a log file to elastic search using grok filter. Pipeline is getting started, but data is not getting uploaded. Here is my config file. input{ file { path =>…

elasticsearch logstash elk

asked Jun 14 '19 at 08:46

Pankaj Kumar

11
3

0

votes

1 answer

Using Elasticsearch or Logstash output?

I have been going through a few tutorials on using beats to send data to elasticsearch. I noticed that some tutorials prefer to use logstash as the output which then outputs to elasticsearch. Some other tutorials output directly to elasticsearch. In…

elasticsearch logstash elk

asked May 28 '19 at 07:35

tread

413
2
4
21

Questions tagged [elk]