After removing ELK, I migrated to OpenSearch.
Now I have the following packages: logstash-oss, opensearch and opensearch-dashboards.
I get my data as input, such as:
input {
udp {
.....
It works, and I can even see my information in stdout {}.
I don't have a problem with them.
I have the following filter to convert my information to JSON:
filter {
  dissect {
    mapping => {
      "message" => "%{timestamp} %{+timestamp} %{+timestamp} %{year} %{priority} %{sourceIP} %{host} %{msg}"
    }
    remove_field => ["message"]
  }
  kv {
    source => "msg"
    remove_field => ["msg"]
  }
}
And with stdout { } I can see my information in JSON form.
With output, I send my information to OpenSearch:
output {
  opensearch {
    hosts => ["https://127.0.0.1:9200"]    # the plugin option is "hosts", not "host"
    user => "admin"
    password => "mypasswd"
    ssl => true                            # an https:// URL needs TLS enabled; ssl => false would reject it
    ssl_certificate_verification => false  # self-signed certificate on localhost
    index => "logstash-logs-%{+YYYY.MM.dd}"
  }
}
In Index Management I can see the name of my index, but when I open Discover I only see 2 index patterns (the default samples) and I don't see my pattern.
How can I search in my index?
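As an added example (not code from the post or from the Logstash project), here is a small Python re-implementation of the dissect + kv filter chain above, run on a constructed log line, so you can see exactly which field names the documents in the index will carry before creating an index pattern for them. DISSECT_PATTERN is the mapping from the question; SAMPLE and its key=value payload are assumed.

```python
import re

# Added example: simulates the question's dissect + kv filter chain on a
# constructed syslog-style line to show which fields reach the index.
DISSECT_PATTERN = ("%{timestamp} %{+timestamp} %{+timestamp} %{year} "
                   "%{priority} %{sourceIP} %{host} %{msg}")
# Constructed sample; the key=value payload is assumed, not from the post.
SAMPLE = ("Mar 14 10:22:01 2024 notice 10.0.0.5 fw01 "
          "action=allow src=10.0.0.7 dst=192.0.2.10 proto=tcp dport=443")

def dissect(pattern: str, text: str) -> dict:
    """Minimal Logstash-style dissect: cut at the literal delimiters between
    %{...} tokens; %{+name} appends to an earlier capture keeping the delimiter
    in between; the last field takes the rest of the line."""
    tokens = [t for t in re.split(r"(%\{[^}]*\})", pattern) if t]
    fields, pos, prev_delim = {}, 0, ""
    for i, tok in enumerate(tokens):
        if not tok.startswith("%{"):            # literal delimiter
            if not text.startswith(tok, pos):
                raise ValueError(f"delimiter {tok!r} not found at offset {pos}")
            pos, prev_delim = pos + len(tok), tok
            continue
        name = tok[2:-1]
        if i + 1 == len(tokens):                # last field: consume the rest
            value, pos = text[pos:], len(text)
        else:
            end = text.find(tokens[i + 1], pos)
            if end < 0:
                raise ValueError(f"delimiter {tokens[i + 1]!r} missing after {name}")
            value, pos = text[pos:end], end
        if name.startswith("+"):
            fields[name[1:]] = fields.get(name[1:], "") + prev_delim + value
        elif name:                              # %{} is a skip field
            fields[name] = value
    return fields

def kv(text: str, field_split: str = " ", value_split: str = "=") -> dict:
    """Logstash kv defaults: split on whitespace, then on the first '='.
    Tokens without '=' are dropped, so a value containing a space is cut short."""
    return dict(p.split(value_split, 1) for p in text.split(field_split) if value_split in p)

def filter_event(message: str) -> dict:
    """The post's filter block: dissect, drop message, kv on msg, drop msg.
    kv keys land at the top level, so a payload carrying e.g. sourceIP=... would
    overwrite the dissected value; a kv target => keeps them in their own object."""
    event = dissect(DISSECT_PATTERN, message)
    event.update(kv(event.pop("msg")))
    return event
```

The resulting keys (timestamp, year, priority, sourceIP, host plus whatever the kv payload contains) are the fields an index pattern matching logstash-logs-* will expose in Discover.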