How can I import json data to elasticsearch?

Elastic Stack Logstash
1

I wrote config file and excuted that
but, I can't find the result in kibana(elasticsearch)
I don't know what is wrong. help me ~
I need your help.

this is my config file

input { 
	file {
	        
	 	path =>  "D:\2_elastic\NNIBR_bigdata\dbtest.json"
		start_position => "beginning"
		sincedb_path => "/dev/null"
		
		
        
	}
}


filter {
	json {
		source => "message"
		target => "parsedJSON"
		
	}
}
   


output { 
	

	elasticsearch  {
		hosts => ["localhost:9200"]
		index => "json_test-%{+YYYY.MM.dd}"
		manage_template => false
		template_name => jsontest_template
	}

	stdout { codec => rubydebug}
   
}

and I get the result like below

Sending Logstash logs to 
C:/ElasticStack/logstash-6.6.1/logs which is now configured via log4j2.properties

[2019-02-20T21:05:57,539][WARN ][logstash.config.source.multilocal] 
Ignoring the 'pipelines.yml' file because modules or command line options are specified

[2019-02-20T21:05:57,563][INFO ][logstash.runner          ] 
Starting Logstash {"logstash.version"=>"6.6.1"}

[2019-02-20T21:06:02,749][INFO ][logstash.pipeline        ]
 Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}

[2019-02-20T21:06:03,228][INFO ][logstash.outputs.elasticsearch]
 Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}

[2019-02-20T21:06:03,441][WARN ][logstash.outputs.elasticsearch] 
Restored connection to ES instance {:url=>"http://localhost:9200/"}

[2019-02-20T21:06:03,501][INFO ][logstash.outputs.elasticsearch] 
ES Output version determined {:es_version=>6}

[2019-02-20T21:06:03,505][WARN ][logstash.outputs.elasticsearch] 
Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>6}

[2019-02-20T21:06:03,535][INFO ][logstash.outputs.elasticsearch] 
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost:9200"]}

[2019-02-20T21:06:03,554][INFO ][logstash.outputs.elasticsearch] 
Index Lifecycle Management is set to 'auto', but will be disabled - Your Elasticsearch cluster is before 7.0.0, which is the minimum version required to automatically run Index Lifecycle Management

[2019-02-20T21:06:04,122][INFO ][logstash.pipeline        ]
 Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x7c788499 run>"}

[2019-02-20T21:06:04,187][INFO ][logstash.agent           ] 
Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

[2019-02-20T21:06:04,197][INFO ][filewatch.observingtail  ] 
START, creating Discoverer, Watch with file and sincedb collections

[2019-02-20T21:06:04,607][INFO ][logstash.agent           ] 
Successfully started Logstash API endpoint {:port=>9600}
2

Change that to

path => "D:/2_elastic/NNIBR_bigdata/dbtest.json"
3

Thank you for your help
I resolved it.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.