I've been trying to get the file input plugin to work with the nginx access log to no avail.
I've confirmed that the logstash user has read and execute access to /var/log/nginx/access.log, and I'm able to use sudo -u logstash tail /var/log/nginx/access.log -f in order to tail and follow the file.
The sincedb file is not being created in the logstash user home directory, and there is no mention of it in the log files.
I've set config.debug: true and log.level: trace
Here is a copy of my config file:
path => ["/var/log/nginx/access.log"]
start_position => "beginning"
type => "nginx_access"
hosts => "https://f51f8c6f2f22df11a038cc6759aec814.us-east-1.aws.found.io:9243"
user => "elastic"
index => "logstash-mattjnginx"
When I check curl -s 127.0.0.1:9600/_node/stats/?pretty | less, it says there were 0 events registered
I was able to get the logs shipped up using the filebeat input plugin as well through the syslog plugin and rejigging the nginx configuration to send the access logs to syslog, but I'm confused as to why this isn't working.
Also, system specs:
logstash version: 6.1.1
OS: Amazon Linux - Linux version 4.9.62-21.56.amzn1.x86_64 (mockbuild@gobi-build-64013) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)