Failed to use SQLite input. [SQLITE_ERROR] SQL error or missing database (no such table: since_table)

Rahmat_Agung_W · September 19, 2018, 2:16am

So I used SQLite input to read my sqlite db. This is my configuration:

input {
  sqlite {
    path => "/home/elk/data/dionaea.sqlite"
    type => dionaea-sqlite
  }
}
output {
   elasticsearch {   
    hosts => ["10.33.109.76:9200"]
	index => "%{[@metadata][dionaea}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
	}
	file {
            path => "/home/elk/log/dionaea-sqlite.json"
            codec => json
        }
        stdout {
            codec => rubydebug
        }
	}

And this is the error from logstash:
Error registering plugin {:pipeline_id=>"main", :plugin=>"<LogStash::Inputs::Sqlite type=>\"dionaea-sqlite\", path=>\"/home/elk/data/dionaea.sqlite\", id=>\"f36b83df68bc2115012f2a0d11e51ec7ea84c4bb3a9196f997f9d522d3836bb7\", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>\"plain_5860c879-1d16-40eb-a3d4-72f76c86d3cb\", enable_metric=>true, charset=>\"UTF-8\">, batch=>5>", :error=>"Java::OrgSqlite::SQLiteException: [SQLITE_ERROR] SQL error or missing database (no such table: since_table)", :thread=>"#<Thread:0x49cf04b run>"}

it is said that there is no since_table, how to fix it?

AquaX · September 19, 2018, 2:16pm

I haven't worked with sqllite plugin before but my guess is that Logstash has to have permissions to write to the sqllite database in order to create the since_table.
The source for this is here:

https://github.com/elastic/logstash-contrib/blob/master/lib/logstash/inputs/sqlite.rb

Check your file permissions and maybe allow the logstash user to update the sqllite db file.

Rahmat_Agung_W · September 19, 2018, 2:54pm

Ok. I will try it.

system · October 17, 2018, 2:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.