Load old data to ElasticSearch

Codrin_Costea · March 12, 2018, 1:35pm

Hello !

I am new to Elastic Search and I would need some help in one problem. I try to load multiple log files from my proxy to Elastic Search, through logstast. The steps that I am following are:

Create the .conf file
Run it with console
Create an index in Kibana

Sometimes it works and loads the logs into Kibana, but the problem is that I don't have all the logs. I am trying to import thousands of logs because I have to analyze some times in my proxy. This is my input field. What commands should I add in order to import all the logs in kibana ?

input
{
file {
path => " ..... "
start_position=> beginning"
}
}

pjanzen · March 12, 2018, 1:40pm

Could you share your actual config? also when you paste it here can you use the </> tag to format it please?

Codrin_Costea · March 12, 2018, 1:42pm

   input
    {
    	file{
    			path=> "D:/Codrin/access+errors/*"
    			path=> "D:/Codrin/access+errors/*/*"
    			start_position=>"beginning"
    		}
    }
    filter 
    {
    	if [path]=~"error"{
    		grok{ match=> { "message"=>'%{DATE:timestamp} %{TIME:time} %{DATA:type} %{DATA:code} %{DATA:noneed1} %{DATA:noneed2} %{DATA:info} %{DATA:noneed3} %{DATA:ip} %{DATA:noneed4} %{DATA:server} %{DATA:noneed5} %{DATA:request} %{DATA:reques_url} %{DATA:httpver} %{DATA:noneed6} %{DATA:host} %{DATA:noneed7} "%{DATA:referrer}"'}}
    		} else if [path]=~"access"{
    					grok{ match=> { "message"=>'%{IPORHOST:remote_addr} %{USER:user} %{USER:user-name} \[%{HTTPDATE:timestamp}\] "%{WORD:verb} %{DATA:request} HTTP/%{NUMBER:httpversion}" %{NUMBER:body_bytes_sent} %{NUMBER:NotSureAboutTheFild} %{NUMBER:ResponseTime} %{QS:notsure} %{QS:agent}'}}
    					}
    }
    output
    {
    	stdout{codec => dots}
    	elasticsearch
    		{
    			hosts=>["localhost:9200"]
    			index=>"testerrorandmultiplefiles"
    		}
    }

pjanzen · March 12, 2018, 1:46pm

Thanks,

I think you need to double escape the paths ie: D://Codrin//access+errors//* but I never ever done anything with windows so I could be wrong here

Codrin_Costea · March 12, 2018, 1:49pm

Not sure if it is with //. I think this is not the problem because it reads some logs but others not. That's what I am trying to find.

pjanzen · March 12, 2018, 1:55pm

I am not sure but this thread might help?

Codrin_Costea · March 12, 2018, 2:47pm

Yes indeed ! Apparently this was the problem.

system · April 9, 2018, 2:47pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Loading a .csv file into Elasticsearch using Logstash Logstash	3	2050	July 6, 2017
Logstash can read and loaded the files into ES. But I cannot find the data in ES Elasticsearch	6	410	June 10, 2020
Logstash conf file unable to read file for csv import Logstash	8	2252	December 28, 2017
Can Logstash read multiple text files , store config data available in first lines and add it to all other lines Logstash	3	1419	May 6, 2021
I am not able to load csv data into elasticsearch & kibana Logstash	3	132	June 25, 2024

Load old data to ElasticSearch

Related topics