Grafana not visualising logs

I have installed Elasticsearch, Logstash and Grafana to visualise system syslogs. Everything was working just fine until yesterday at 7am, when Grafana stopped refreshing and visualising any sort of syslogs in the browser. When I head to the Logstash terminal, I can see that I have syslogs coming in, but Grafana does not display them.

Has anyone faced this issue previously?

EDIT: this is my logstash.conf

input {
  syslog {
    port => 3014
    codec => cef
    syslog_field => "syslog"
    grok_pattern => "<%{POSINT:priority}>%{TIMESTAMP_ISO8601:timestamp}"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash_index"
  }
}

I do have a general question. Is there a way to make my Grafana dashboard refresh every 1sec or even less? To see the new log data, I have to manually refresh the dashboard.

On my first logstash.conf configuration I used this code to filter my data.

input {
  udp {
    port => my-port
    type => syslog
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}

But as I am receiving all kinds of data from Logstash into Elasticsearch, this might have created an issue during parsing and filtering, leaving Grafana unable to retrieve that data (even though I was still able to process it in the terminal). Changing the logstash.conf to this:

input {
  syslog {
    port => my-port
    codec => cef
    syslog_field => "syslog"
    grok_pattern => "<%{POSINT:priority}>%{TIMESTAMP_ISO8601:timestamp}"
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash_index"
  }
}

solved my problem, and now I am able to see all the data.
