ChaChaPoly

Reputation: 1851

Sending output to logstash

I am very new to the ELK stack and I am having some difficulty wrapping my head around it.

I have a test configuration under /etc/logstash/conf.d/test.conf that looks like this:

input {
    stdin { }
}
output {
    elasticsearch {
        hosts => ["localhost:9200"]
        index => "test"
    }
    stdout { }
}

When I run sudo /opt/logstash/bin/logstash -f /etc/logstash/conf.d/test.conf I see the output in stdout in the following form: 2016-08-04T10:09:46.406Z myserver.local hello world, but I don't see it appear in Kibana.

I think I might have created the index wrong, as I am not 100% sure how to do it.

Upvotes: 0

Views: 541

Answers (2)

Mrunal Pagnis

Reputation: 809

Summarizing the comments with some pointers into an answer as it solved your problem.

Using index => "test" is the correct way. You can also give a field value as index name using index => "%{fieldname}".

  1. Your config is correct. I have tested it and your config is correct. It is creating an index test in elasticsearch.
  2. You can check whether your index is created or not by listing all the indices present in elasticsearch by using localhost:9200/_cat/indices/?v in your browser.
  3. The port number which you give in your config should match the port number for which elasticsearch is configured. Giving a different port number without configuring in elasticsearch will not work. The default port number is 9200.
  4. You might also want to check if the port number you are using is already in use.
  5. If all of the above is verified and index is created in elasticsearch then you should be able to see it in kibana as well. Now you can go ahead and create the pattern in kibana with the index name test.
  6. As mentioned in @alpert's answer you should play around with the timepicker and adjust it to see the results.

Upvotes: 2

alpert

Reputation: 4655

I guess you don't see anything because of your time interval that is at the top right of your browser. Maybe your document is older than that interval - it is usually Last 15 minutes. Change it to a bigger interval like Today etc.

Upvotes: 1
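
The checks from the two answers above, combined into one triage function. This is an added example, not code from either answer: the `_cat/indices` table is a constructed sample, `parse_cat_indices` and `diagnose` are hypothetical helper names, and Kibana's time picker is modelled as the window from `now - 15 minutes` to `now`.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of the table returned by localhost:9200/_cat/indices/?v
# (illustrative values, not output from the question's server).
SAMPLE_CAT_INDICES = """\
health status index   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   .kibana   1   1          1            0      3.1kb          3.1kb
yellow open   test      5   1          1            0      3.9kb          3.9kb
"""


def parse_cat_indices(text):
    """Turn the whitespace-aligned table into {index name: {column: value}}."""
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines:
        return {}
    header = lines[0].split()
    rows = {}
    for line in lines[1:]:
        cells = line.split()
        if len(cells) == len(header):  # skip rows that lack some columns
            row = dict(zip(header, cells))
            rows[row["index"]] = row
    return rows


def diagnose(cat_text, index, event_ts, now, window=timedelta(minutes=15)):
    """Return why an event is or is not visible in Kibana (hypothetical helper)."""
    rows = parse_cat_indices(cat_text)
    if index not in rows:
        return "index-missing"        # Logstash output never reached Elasticsearch
    if int(rows[index]["docs.count"]) == 0:
        return "index-empty"          # index exists but holds no documents
    ts = datetime.strptime(event_ts, "%Y-%m-%dT%H:%M:%S.%fZ")
    ts = ts.replace(tzinfo=timezone.utc)
    if not (now - window <= ts <= now):
        return "outside-time-range"   # widen the time picker, e.g. to Today
    return "visible"


if __name__ == "__main__":
    event = "2016-08-04T10:09:46.406Z"  # timestamp format of the question's stdout line
    for minute in (20, 30):
        now = datetime(2016, 8, 4, 10, minute, tzinfo=timezone.utc)
        print(now.isoformat(), diagnose(SAMPLE_CAT_INDICES, "test", event, now))
```
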
