File input not pulling in data

karlm · July 3, 2020, 2:38pm

So i Have a daily log file the this with 3 sections time / priority / message like this below

03-Jul-2020 10:24:00.773 +01:00 [INF] User profile is available. this C:/ as key repository and Windows API to encrypt keys at rest.
03-Jul-2020 10:24:01.221 +01:00 [WRN] Overriding address(es) 'http://localhost:5001'. Binding to endpoints defined in UseKestrel() instead.
03-Jul-2020 10:24:02.914 +01:00 [INF] Request starting HTTP/1.1 GET http://localhost:5001/api/v1/events

then i have a logstash config file

input {    
    file {
        start_position => "beginning"
        mode => "read"
        sincedb_path => "sincedb.log"        
        path => ["C:\Logs\*.txt"]
    }
}
filter {
      grok {
        match => { "message" => "%{SYSLOGBASE} %{WORD:priority} %{WORD:description}" }
      }
    }
output {
    stdout { codec => rubydebug }    
    elasticsearch {      
        hosts => ["localhost:9200"]
        index => "logs-%{+xxxx.ww}"
    }   
}

but nothing is happening i think the grok is wrong as well but even without the filter its not putting data in to the log index

any ideas or help? Thanks in advance

Badger · July 3, 2020, 3:43pm

Do not use backslash in the path option of a file input. It is treated as an escape. Use forward slash.

system · July 31, 2020, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
File input not working - again Logstash	3	1007	July 6, 2017
File input not working - logstash 2.2.2 Logstash	5	1314	July 6, 2017
File input not working Logstash	7	4864	January 2, 2019
File input not working in Windows Logstash	1	950	July 6, 2017
File input not sending to Elasticsearch Logstash	1	164	October 11, 2023

File input not pulling in data

Related Topics