Sending Logstash's logs to D:/Personal/logstash-6.1.2/logs which is now configured via log4j2.properties
[2018-01-31T10:24:36,576][INFO ][logstash.modules.scaffold] Initializing module{:module_name=>"fb_apache",:directory=>"D:/Personal/logstash-.1.2/modules/fb_apache/configuration"}
[2018-01-31T10:24:36,607][INFO ][logstash.modules.scaffold] Initializing module{:module_name=>"netflow",:directory=>"D:/Personal/logstash-.1.2/modules/netflow/configuration"}
[2018-01-31T10:24:37,044][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-01-31T10:24:37,887][INFO ][logstash.runner] Starting Logstash {"logstash.version"=>"6.1.2"}
[2018-01-31T10:24:38,496][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-01-31T10:24:46,807][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2018-01-31T10:24:46,822][INFO ][logstash.outputs.elasticsearch] Running healthcheck to see if an Elasticsearch connection is working {:healthcheck_url=>http:/
/localhost:9200/, :path=>"/"}
[2018-01-31T10:24:47,119][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2018-01-31T10:24:47,212][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>nil}
[2018-01-31T10:24:47,212][WARN ][logstash.outputs.elasticsearch] Detected a 6.xand above cluster: the type event field won't be used to determine the documen
t _type {:es_version=>6}
[2018-01-31T10:24:47,244][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-01-31T10:24:47,275][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>60001,
"settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_f
loat"}}}}}}}}[2018-01-31T10:24:47,322][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost:9200"]}[2018-01-31T10:24:47,712][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500, :thread=>"#<Thread:0x3d8048db run>"}[2018-01-31T10:24:48,546][INFO ][logstash.pipeline ] Pipeline started {"pipeline.id"=>"main"}
[2018-01-31T10:24:48,717][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
here im getting this log
this is my conf file
input {
file {
path => "D:/Personal/Test_log_files"
type => "file"
}
}
filter {
grok {
match => [
"message",
"%{TIME:time} %{LOGLEVEL:level} [(?[^]]+)] ((?[^)]+)) %{GREEDYDATA:message}"
]
overwrite => ["message"]
}
date {
match => ["time", "MMM dd YYYY HH:mm:ss,SSS"]
remove_field => ["time"]
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "logstash-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }
}
im not able to c the data in the ES i have pasted the latest log in the in folder path
please guide me
