Log file doesnt read

Elastic Stack Logstash
1

HI everybody,
I wanna read and deploy data from file logs but when i started the logstash service appears the following data

Logstash.log

[2021-05-21T13:50:38,097][INFO ][logstash.inputs.file ][squid] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/var/lib/logstash/plugins/inputs/file/.sincedb_9ef76f6aaa5722c81eb9cb660b632a37", :path=>["/var/elastik/pms02/access.log"]}
[2021-05-21T13:50:38,109][INFO ][logstash.inputs.file ][squid] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"/var/lib/logstash/plugins/inputs/file/.sincedb_bc022acd271cc54450830240e51713f8", :path=>["/home/jallende/proxy/access.log"]}
[2021-05-21T13:50:38,111][INFO ][logstash.javapipeline ][squid] Pipeline started {"pipeline.id"=>"squid"}
[2021-05-21T13:50:38,135][INFO ][filewatch.observingtail ][squid][f310f544beb0fb25a5a052e372254cf1ef84bda1af8f85bb860d3a56b2867fba] START, creating Discoverer, Watch with file and sincedb collections
[2021-05-21T13:50:38,136][INFO ][filewatch.observingtail ][squid][2672c03cfc8a738f179cf98f26c62a0bf8bc39fdfed0a326e19f03b9a0413c78] START, creating Discoverer, Watch with file and sincedb collections

this is the configuration for the index

logstash.conf

input {

    file {
          path => "/home/jallende/proxy/access.log"
    start_position => "beginning"
    tags=> ["prueba"]
    }

     file {
          path => "/var/elastik/pms02/access.log"
    start_position => "beginning"
    tags=> ["pms02"]
    }




}
filter {
        grok {

match => [ "message","%{NUMBER:timestamp}%{SPACE}%{NUMBER:duration}\s%{IP:client_address}\s%{WORD:cache_result}/%{POSINT:status_code}\s%{NUMBER:bytes}\s%{WORD:request_method}\s%{NOTSPACE:url}\s%{NOTSPACE:user}\s%{WORD:hierarchy_code}/(%{IP:dst_addrss})?%{NOTSPACE:server}\s%{NOTSPACE:content_type}" ]
                }
        date {
                match => [ "timestamp", "UNIX" ]
                remove_field => [ "timestamp" ]
             }

        }

output {
  elasticsearch {
  "hosts" => "localhost:9200"
  "index" => "squid"
  }
stdout {  }
}

But the files that were created in the server related to since are empty and there haven create the index related to squid.

any ideas?

PD: the log files has content

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.