i'm new to ELK stack and i am breaking my head trying to import single line json files to elasticsearch using logstach. nothing shows up at Elasticsearch (10.10.20.13:9200/monitor/_search?q=*) or kibana.
my json looks like:
{"host":"*********","cpu":"2.1","disk":"0.628242","memory":"0.324597","createAt":"2017-10-03T00:18:01"}
my config file: (after hours of searching i also added json codec & filter but with no change)
input{
file{
path => "/usr/share/logstash/log/monitor-sys-1506979201881.json"
sincedb_path => "/dev/null"
start_position => "beginning"
}
}
output{
elasticsearch {
hosts =>["10.10.20.13:9200"]
index => ["monitor"]
}
stdout {
codec => rubydebug
}
}
Another configuration i've tried without sucsess is:
input{
file{
path => "/usr/share/logstash/log/monitor-sys-1506979201881.json"
sincedb_path => "/dev/null"
start_position => "beginning"
type => "json"
}
}
filter{
json {
source => "message"
}
}
output{
elasticsearch {
hosts =>["10.10.20.13:9200"]
index => ["monitor"]
}
stdout {
codec => rubydebug
}
}
the command i'm running:
/usr/share/logstash/bin/logstash -f /opt/*****/sys-monit/logstash-sys-monitor.conf --path.settings /etc/logstash --verbose --debug
debugging produces the below result:
i'd appreciate any help on that.