Logstash Job with Real-time visualization with Kibana (Lecture 16)

windows users if logstash is not working, set sincedb_path='nul' ; if config file is unable to be read, place it in logstash/bin and use "logstash -f logstash_cars.conf" in cmd, in the bin directory

Made the right choice to watch these videos on ELK, weldone man. Great video, simplified and clear explanation. Thanks a million

still valid 2 years later! I just want to add - sincedb_path => "/dev/null" was causing me error and I removed it to get rid of the error

Can you make a Playlist with ELK stack lessons ? because i cant find all your vids..

Beautifully tutorial .. thanks Imtiaz

Very through explanation with clear step-by-step directions. Thank you!

Thank you so much! Your videoes about ELK are exactly what I need!

Excellent Explained EE+ 1000000+ INCREMENTAL LIKES

How do you display that the terminal is "working/ calculating " busy"? Mine just give no indication if stuck or still working on smth.

Once the data is indexed into Kibana, is it persistent after Logstash is closed? Through reboots?

Hello Imtiaz
I tried creating the config file to load the csv and ran the logstash in cmd. I encountered with the following error:
Please help!!
C:\Users\adi230688\Desktop\ELK\logstash-6.4.0\bin>logstash -f C:\Users\adi230688
\Desktop\ELK\logstash-6.4.0\bin\logstash-chk.conf
Sending Logstash logs to C:/Users/adi230688/Desktop/ELK/logstash-6.4.0/logs whic
h is now configured via log4j2.properties
[2018-08-28T00:13:36,942][WARN ][logstash.config.source.multilocal] Ignoring the
'pipelines.yml' file because modules or command line options are specified
[2018-08-28T00:13:39,035][INFO ][logstash.runner ] Starting Logstash {"
logstash.version"=>"6.4.0"}
[2018-08-28T00:13:45,431][ERROR][logstash.inputs.file ] Unknown setting 'sta
rt' for file
[2018-08-28T00:13:45,459][ERROR][logstash.agent ] Failed to execute ac
tion {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"L
ogStash::ConfigurationError", :message=>"Something is wrong with your configurat
ion.", :backtrace=>["C:/Users/adi230688/Desktop/ELK/logstash-6.4.0/logstash-core
/lib/logstash/config/mixin.rb:86:in `config_init'", "C:/Users/adi230688/Desktop/
ELK/logstash-6.4.0/logstash-core/lib/logstash/inputs/base.rb:60:in `initialize'"
, "org/logstash/plugins/PluginFactoryExt.java:233:in `plugin'", "org/logstash/pl
ugins/PluginFactoryExt.java:166:in `plugin'", "C:/Users/adi230688/Desktop/ELK/lo
gstash-6.4.0/logstash-core/lib/logstash/pipeline.rb:71:in `plugin'", "(eval):8:i
n `'", "org/jruby/RubyKernel.java:994:in `eval'", "C:/Users/adi230688/Desk
top/ELK/logstash-6.4.0/logstash-core/lib/logstash/pipeline.rb:49:in `initialize'
", "C:/Users/adi230688/Desktop/ELK/logstash-6.4.0/logstash-core/lib/logstash/pip
eline.rb:90:in `initialize'", "C:/Users/adi230688/Desktop/ELK/logstash-6.4.0/log
stash-core/lib/logstash/pipeline_action/create.rb:38:in `execute'", "C:/Users/ad
i230688/Desktop/ELK/logstash-6.4.0/logstash-core/lib/logstash/agent.rb:309:in `b
lock in converge_state'"]}
[2018-08-28T00:13:46,582][INFO ][logstash.agent ] Successfully started
Logstash API endpoint {:port=>9600}
C:\Users\adi230688\Desktop\ELK\logstash-6.4.0\bin>

Fantastic. The best i´ve found so far.

Why there are model.keyword and model? Is there a way to delete one of them?

I'm using xpack security in Elastic search and my java logs are not getting configured in kibana through logstash. Can you please let me know the issue also if there any config file changes required then please share with me.

Precise and very informative, niice

Great video! i am confused about how to upload several related csv files use logstash but just use an index， have u ever use the graph function of the kifana?

How do you load nested json to elaticsearch using logstash ? and also nested data from rdbms? can you please share a example conf

How much resources does kibana use? Also how impacted is your production

Hi Imtiaz, While running the logstash command I am getting an error like : java.IllegalStateException. Can you please help me to solve it. It is related to jdk version? I am using jdk 1.8.0_215

Thanks, make more about elastic search videos 👍

hi i am getting below error and all data is not indexing
org.elasticsearch.ElasticsearchParseException: failed to parse date field [-764144999999] with format [epoch_millis]: [failed to parse date field [-764144999999] with format [epoch_millis]]

I was able to get all the data into elastic search and mimic all your steps, but I'm having trouble with elasticsearch not recognizing the date columns. When trying to setup a date range or historgram in a visualization, it doesn't recognize the date columns as date, but instead string as you stated in the beginning.

very nice tutorial, everything is explained so clearly

Hi Imtiaz,
While running the logstash command with the config file, I am getting the following error:
warning: ignoring JAVA_OPTS= -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -Djruby.regexp.interruptible=true -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -Dlog4j2.isThreadContextMapInheritable=true ; pass JVM parameters via LS_JAVA_OPTS
Any idea how to tackle this.

Where is tutorial #1 of this series?

whether to make the visualization automatically using the script. so when having a lot of data do not need to make visualization one by one. if you can how the example script to create the visualization. thank you

Can Kibana Display Images?

@imtiaz : Excellant explannation, please do provide the links to previous lectures, couldnt find it.
And pplease do a video on kibana visualization for maps

"pipeline has started successfully " this msg is printed in the command prompt but it doesnt shows the data which is loaded in the csv file....what must be issue in that ......help me with it

could youu tell me this ELK comes under devops or data science

my logstash config file is not loading the data

Is it normal to take a while to run after logstash was started sucessfully?

how to read more than 3 logs file from same server and create different index for the diff file ?I have tried with type but it is not working with more than 2 files .

@Imtiaz Ahmad I have a question. All this is happening on your local machine. How do I do this on an AWS ES domain?

Anyone else having issues with loading the data?
Getting an error like pipelines.yml cannot be loaded.
Help me please,
Thanks alot

Great video. It was very useful for me. Thank you

Great job Imtiaz

I'm getting an error as Error: No such file or directory - C:\dev
ull.
How can I get ride-off it?

the lecture is very old and the logstash -f won't work your configuration

Lo amo man gracias llevaba mucho tiempo tratando de subir mi archivo y no sabia bien la ruta

Why is it that after I successfully create my pipeline, my data is still not in kibana though my index is?

Hello imtiaz,
Nice tutorial for beginner level. I have a query, the cars data is not going to elastic search. I have did same configuration as per windows. In the log file, pipeline started and logstash is also properly running, but data is not going
Can you please help or anyone ?
Bye, thanks and regards

is data drill down possible in kibana ???

Great video! Thanks!

I enjoyed watching this. Thanks for the video .

Hello what about the tile map please ?

how to join 2 csvs files

When video with JMS?

Thank you so much, It was very useful for me

Suppose if i wan't to push sample.log file which contains data in text/JSON, how can we update the filter part in config file. ?

the price_eur column was defined as a float in the logstash configuration file but kibana is showing it as Number, Why so?

What is the extension of the config file-XMl? I am not able to run this configuration file

it says something is wrong with your configuration I m using windows for this and have followed your steps
there is an error saying "block in initialize" what does this mean
Also it says unknown setting 'seperator' for csv
failed to execute action

I enjoyed watching this video, thank you very much

Very helpful tutorial!

Where is previous lectures

Pakka explaination! Thanks a lot

Logstash not executing after pipeline started.
It's just displaying the following output:
Settings: Default pipeline workers: 4
Pipeline main started

its work for me, many thanks

Excellent video

Hi,
I could not find Lecture 15

Yeaaar, thanks, work for me!!!

Amazing video

Please Where is the older Lecture

Great videos.

Not sure what really happened but the same steps were followed but it just gets stuck.. Any idea..
[2018-10-12T14:22:15,859][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5}
[2018-10-12T14:22:16,647][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[localhost:9200/]}}
[2018-10-12T14:22:16,663][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>localhost:9200/, :path=>"/"}
[2018-10-12T14:22:16,896][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"localhost:9200/"}
[2018-10-12T14:22:17,019][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>5}
[2018-10-12T14:22:17,058][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost"]}
[2018-10-12T14:22:17,251][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-10-12T14:22:17,298][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-10-12T14:22:17,876][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#"}
[2018-10-12T14:22:17,949][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2018-10-12T14:22:18,014][INFO ][filewatch.observingtail ] START, creating Discoverer, Watch with file and sincedb collections
[2018-10-12T14:22:18,561][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

i am getting error as can not create pipeline :(

I am trying to run ELK on windows, i was able to run elasticsearch and kibana successfully but whenever i run the config file of logstash, it says "No log4j2 configuration file could be recognized", it's almost been a week now since i am trying to run it. Please help.

thanks for this video.

thanks amazing videos

how the do please install logstash

03:53 config file

Nothing realtime about dashboards as promises