Input file start_position => "beginning" doesn't work even after deleting .sincedb files

Prathamesh · February 19, 2017, 6:16am

Hello World

Version: ElasticSearch-5.2.1/Logstash-5.2.1/Kibana-5.2.1
OS: Windows 2008

I've just started working on the ELK Stack & am facing some problems loading data
I've got the following .json code

input {
  file {
    path => "D:\server.log"
	start_position => beginning
  }
}
filter {  
        grok {
                match => ["message","\[%{TIMESTAMP_ISO8601:timestamp}\] %{GREEDYDATA:log_message}"]
            }
			date {
match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
target => "@timestamp"
}
        }
output {
  elasticsearch {
    hosts => "localhost:9200"
  }
}

I've deleted the .sincedb files

And yet when I extract log info in Kibana, I can see data starting only since I first parsed
I've got data worth 2-3 months in my log file

Please advise

Thanks
P

magnusbaeck · February 22, 2017, 6:37am

Hard to tell what's going on. If you increase Logstash's log level and check your logs you'll get clues about what the file input is doing.

system · March 22, 2017, 6:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash file input not working Logstash	8	8048	May 19, 2017
How to get the ouput Logstash	5	681	July 6, 2017
Logstash doesn't parse logs if i don't define start_position Logstash	3	307	March 24, 2021
Elasticsearch data indices is not creating when start_position = beginning in logstash input file plugin? Logstash	3	194	June 2, 2023
Abnormal "file" input behavior? Elasticsearch	2	333	July 6, 2017

Input file start_position => "beginning" doesn't work even after deleting .sincedb files

Related topics