Logstash is successfully starting and running but there is no update on the elasticsearch cluster. I also tried output to stdout but nothing was displayed.
Below is the following config file of logstash.
input {
file {
path => ["C:\Users\nitis\Downloads\sample.log"]
start_position => "beginning"
}
}
output
{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "testindex2"
}
}
Request for help.
is the file read by logstash updated ?
there is a sincedb_path that keep tracks the file reading, which defaults to /plugins/input/file . you might want to check that file first to see whether logstash has previously read the file
In addition of the since_sb check, you should check that logstash user has sufficient permissions to the file AND parents folders (exampe of root:root folder)
Do not use backslash in the path option of a file input. Use forward slash (or \\).
I have three since_db files but all are of zero KB.
What does that mean ?
And how to resolve this.
I am new to Elastic stack and just learning to read a log file using logstash and redirecting it to elasticsearch cluster index
I also tried input from stdin and stored it in an index.
That worked for me.
Also I wanted to know , what does the message field of doc displays in case of a file. In stdin , it displayed the inputted text. Please throw some light
Logstash automatically does that.
So it doesn't matter. I saw that in the logs during startup of logstash
And how to check that?
Hey anyone , please reply and help.
Add stdout to Logstash output to verify if content is read from the file properly. Make sure to start Logstash using -e command line flag.
Ref: https://www.elastic.co/guide/en/logstash/current/plugins-outputs-stdout.html
output
{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "testindex2"
}
stdout { }
}
Once you verify that the content are read from file, then you can debug in Elasticsearch side.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.