I would like to ask if Logstash 5.0.0 alpha3 configuration is compatible with the version 2 config file?
I am asking cause I have copied my old version 2.x config file into /etc/logstash/conf.d/ but in elasticsearch does not seam that the information it is parsed by the config file.
I don't get any error messages in the log files. I am parsing some nginx access.log with filebeat and forward it to logstash to parse the logs with some grok and also apply a geoip on the IP address and I observed that in the elasticsearch the information which is coming to logstash is stored as it is without being parsed by the grok and geoip filters.
I have multiple checks, logstash index is increasing in size, logstash data shows up in elasticsearch unprocessed, tcpdump on the logstash/beats port on the server where filebeat is running show traffic.
I have figured it out, The new filebeat has two config file one normal and one full the normal one does not have the document_type configuration and since my logstash config does need the document type to be nginx-access it does not parse the logfiles which came with the default document_type: log. Once I configured the full file and renamed it to filebeat.yml everything started to work correctly.
However I am still not able to get the logs on logstash.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.