1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Logstash Service not working

Discussion in 'Install Logstash and Kibana on a Windows server.' started by Vishal Gakhare, Sep 30, 2015.

  1. Vishal Gakhare

    Vishal Gakhare New Member Member

    I hosted logstash as service using the step 12 (created separate bat file). However, when I run Kibana, it shows there is no index created on ES That means, logstash is not working and moving the data when it is run as Windows Service. The same logstash configuration works when logstash.bat is run from the command prompt.
    I am on Windows Server 2008, logstash 1.5.3, ES 1.6, Kibana 4.
     
  2. Vishal Gakhare

    Vishal Gakhare New Member Member

    I updated the command in run.bat file to include logging and it worked.
     
  3. sbagmeijer

    sbagmeijer Machine

    Could you show how you resolved it so I can add it as a note to the guide?
     
  4. Vishal Gakhare

    Vishal Gakhare New Member Member

    I wanted to see what logstash is doing if it's not pulling log data, so I turned logging on:
    logstash agent -f logstash.conf --log logfile.log --verbose

    Interestingly, logstash successfully loaded data into ES and Kibana found the index.
     
  5. sbagmeijer

    sbagmeijer Machine

    Aah I understand :)! Is there anything about the guide you think could be improved?
     
  6. Vishal Gakhare

    Vishal Gakhare New Member Member

    I have added Basic Auth on Kibana. I guess the guide doesn't have this step. I am working on securing the ELK set up, that means, authentication on Kibana and ES.
    I could set up Basic Auth on Kibana and OpenSSL cert auth on ES. They work good if the other one is turned off but together user is in the loop of constant authentication. May be I will just keep the Kibana Auth.

    Major effort setting up ELK goes in configuring logstash. One key thing that I learnt to set the since_db path. This db keeps track of the files being watched and processed. When we're testing, we cannot use the files already processed because of this since_db. I need to clear the since_db file to keep using the same log files. Logstash configuration in itself would require separate guide, I think.
     

Share This Page