Hi,
I am trying to export an index to a csv file with the following config:
input {
elasticsearch {
hosts => [ "localhost:9200" ]
query => '{ "query": { "query_string": { "query": "*" } } }'
index => "index-2017.04.01*"
docinfo => true
}
}
output {
csv {
fields => [ "@timestamp", "field1", "field2" ]
path => "/tmp/csv-export.csv"
}
}
However; if I start logstash, no csv file is created and the log shows this:
[2018-12-21T16:33:56,589][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.2"}
[2018-12-21T16:34:04,362][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-12-21T16:34:05,775][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x237e644b run>"}
[2018-12-21T16:34:05,944][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2018-12-21T16:34:06,984][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-12-21T16:34:10,603][INFO ][logstash.pipeline ] Pipeline has terminated {:pipeline_id=>"main", :thread=>"#<Thread:0x237e644b run>"}
What could be the reason for this?
thanks!