So I have a daily log file like this, with 3 sections (time / priority / message), as shown below:
03-Jul-2020 10:24:00.773 +01:00 [INF] User profile is available. this C:/ as key repository and Windows API to encrypt keys at rest.
03-Jul-2020 10:24:01.221 +01:00 [WRN] Overriding address(es) 'http://localhost:5001'. Binding to endpoints defined in UseKestrel() instead.
03-Jul-2020 10:24:02.914 +01:00 [INF] Request starting HTTP/1.1 GET http://localhost:5001/api/v1/events
Then I have a Logstash config file:
input {
  file {
    start_position => "beginning"
    mode => "read"
    sincedb_path => "sincedb.log"
    path => ["C:\Logs\*.txt"]
  }
}
filter {
  grok {
    match => { "message" => "%{SYSLOGBASE} %{WORD:priority} %{WORD:description}" }
  }
}
output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logs-%{+xxxx.ww}"
  }
}
But nothing is happening. I think the grok is wrong as well, but even without the filter it's not putting data into the log index.
Any ideas or help? Thanks in advance.
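
An added example, not part of the original post: a variant of the config above adjusted to the three-part log format shown (timestamp, bracketed priority, free-text message). It assumes the logs stay under C:/Logs, that re-reading the files on every run is acceptable while testing, and that Elasticsearch listens on localhost:9200 as in the post; the `timestamp` field name is chosen here.

```logstash
input {
  file {
    # Forward slashes: the file input globs this path, and a backslash is
    # treated as an escape character rather than a directory separator.
    path => ["C:/Logs/*.txt"]
    # start_position only applies in tail mode. Read mode ignores it and, with
    # its default file_completed_action, deletes each file after reading it.
    mode => "tail"
    start_position => "beginning"
    # "NUL" discards the stored read offsets, so every run starts from the top
    # of each file (assumption: acceptable for testing, not for production).
    sincedb_path => "NUL"
  }
}
filter {
  grok {
    # Sample line: 03-Jul-2020 10:24:00.773 +01:00 [INF] Request starting ...
    # SYSLOGBASE expects a syslog header ("Jul  3 10:24:00 host prog[pid]:"),
    # which these lines do not have, and WORD stops at the first space.
    match => {
      "message" => "^(?<timestamp>%{MONTHDAY}-%{MONTH}-%{YEAR} %{TIME} %{ISO8601_TIMEZONE}) \[%{WORD:priority}\] %{GREEDYDATA:description}"
    }
  }
  date {
    # Use the time written in the log line as @timestamp instead of the
    # ingest time; unparsable values are tagged _dateparsefailure.
    match => ["timestamp", "dd-MMM-yyyy HH:mm:ss.SSS ZZ"]
  }
}
output {
  # Events that fail the grok match carry the _grokparsefailure tag here.
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logs-%{+xxxx.ww}"
  }
}
```

If nothing appears on stdout, the input is not picking up the files; if events appear tagged `_grokparsefailure`, the input works and only the pattern needs attention.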