Discuss the Elastic Stack

Data sending to ES without using Filebeat

Elastic Stack Logstash

Ganesh2303 (Ganesh) September 5, 2018, 9:50am 1

HI,
I want to send data from logstash to ES without filebeat. I use docker command to start the logstash service and log is JSON. pLease find the below code and tell me where im commiting mistake,
input{
file{
path => "/root/logstash/logs/*.log"
#type => "json"
}
}
filter {
grok {
match => [ "message", "%{GREEDYDATA:msg}" ]
}
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["xxxxxx:9200"]
index => "report-sample-%{+YYYY.MM.dd}"
workers => 1
}
}

magnusbaeck (Magnus Bäck) September 5, 2018, 9:58am 2

There's nothing obviously wrong with your configuration, but:

Your grok filter is rather useless.
You have configured the file input to tail the input files. If you want the files to be read from the top you'll have to make some adjustments. See the file input documentation and the countless previous threads on this topic.
Are the log files actually available in /root/logstash/logs inside the container? Does the user that Logstash runs as have access to those files?

Ganesh2303 (Ganesh) September 5, 2018, 10:10am 3

Your grok filter is rather useless.
Removed this one
You have configured the file input to tail the input files. If you want the files to be read from the top you'll have to make some adjustments. See the file input documentation and the countless previous threads on this topic.
added starting_postition => "beginning"
Are the log files actually available in /root/logstash/logs inside the container ? Does the user that Logstash runs as have access to those files?
yes i have provide that chmod 775

magnusbaeck (Magnus Bäck) September 5, 2018, 10:28am 4

added starting_postition => "beginning"

Okay, but make sure you clear the current sincedb state (if any). start_position only matters the first time Logstash discovers a file.

yes i have provide that chmod 775

If you increase Logstash's loglevel it'll tell you what the filename patterns expand to. That's a simple way of checking if the problem is that Logstash can't find or read the input files.

Ganesh2303 (Ganesh) September 5, 2018, 12:27pm 5

how to increase the logstash's loglevel?

magnusbaeck (Magnus Bäck) September 5, 2018, 12:36pm 6

There's a command line options for that, or you can set it via logstash.yml. Both methods are described in the documentation.

system (system) Closed October 3, 2018, 12:36pm 7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.