Cannot read input from file using Logstash

NITISH_GUPTA · June 2, 2020, 12:11pm

Logstash is successfully starting and running but there is no update on the elasticsearch cluster. I also tried output to stdout but nothing was displayed.
Below is the following config file of logstash.

input {
 	file {
 		path => ["C:\Users\nitis\Downloads\sample.log"]
 		start_position => "beginning"
 	}
 	
 }

 output
 {
  elasticsearch {
 	hosts => ["http://localhost:9200"]
 	index => "testindex2"
 	}	
 }

Request for help.

ptamba · June 2, 2020, 12:57pm

is the file read by logstash updated ?

there is a sincedb_path that keep tracks the file reading, which defaults to /plugins/input/file . you might want to check that file first to see whether logstash has previously read the file

abrx · June 2, 2020, 1:10pm

In addition of the since_sb check, you should check that logstash user has sufficient permissions to the file AND parents folders (exampe of root:root folder)

Badger · June 2, 2020, 1:11pm

Do not use backslash in the path option of a file input. Use forward slash (or \\).

NITISH_GUPTA · June 2, 2020, 1:19pm

I have three since_db files but all are of zero KB.
What does that mean ?
And how to resolve this.
I am new to Elastic stack and just learning to read a log file using logstash and redirecting it to elasticsearch cluster index
I also tried input from stdin and stored it in an index.
That worked for me.
Also I wanted to know , what does the message field of doc displays in case of a file. In stdin , it displayed the inputted text. Please throw some light

NITISH_GUPTA · June 2, 2020, 1:22pm

Logstash automatically does that.
So it doesn't matter. I saw that in the logs during startup of logstash

NITISH_GUPTA · June 2, 2020, 1:23pm

And how to check that?

NITISH_GUPTA · June 4, 2020, 5:57am

Hey anyone , please reply and help.

tamilsweet · June 4, 2020, 6:04am

Add stdout to Logstash output to verify if content is read from the file properly. Make sure to start Logstash using -e command line flag.

Ref: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-stdout.html

output
{
  elasticsearch {
   hosts => ["http://localhost:9200"]
   index => "testindex2"
  }
  stdout {  }
}

Once you verify that the content are read from file, then you can debug in Elasticsearch side.

system · July 2, 2020, 6:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.