Logash 1.4.1, Windows Server 2008, Tomcat 7.0.30, stuck with localhost_access_log.2014-06-16.txt

Elastic Stack Elasticsearch
1

Hi!
I have stuck with logfile initialization in Windows using Logstash. I want
to make logstash read localhost_access_log, but seems that Logstash can't
understand (or maybe I am somewhere wrong) my path that I try to pass in
config-file.
input section contains this:
file {
codec => multiline {
pattern => "^\s"
what => "previous"
}
discover_interval => 15 # number (optional), default: 15
path => ["c:\apache\logs\foolog.log"] # array (required)
start_position => "end" # string, one of ["beginning", "end"]
(optional), default: "end"
stat_interval => 1 # number (optional), default: 1
tags => "foo-mon" # string (optional)
type => "fooobar"
}
and contents of c:\apache\logs\foolog.log logfile appear in elastic.

But with C:\Apache\logs\localhost_access_log.2014-06-16.txt there is a
problem - Logstash doesn't want to read this file.
Configuration is like this (we also tried to add codec as above):
file {
discover_interval => 5 # number (optional), default: 15
#exclude => ... # array (optional)
path => ["c:\apache\logs\localhost_access_log.*.txt"] # array (required)
start_position => "end" # string, one of ["beginning", "end"]
(optional), default: "end"
stat_interval => 1 # number (optional), default: 1
tags => "foo-mon" # string (optional)
type => "access"
}

Please, can someone help?

What we also tried:
if I rename localhost_access_log.2014-06-16.txt to localhost_access_log.txt
(I also changed name in config), started logstash and changed contents of
localhost_access_log.txt - it finds file and writes to elastic.
Renamed to localhost_access_log.2014.txt and used wildcard
localhost_access_log.*.txt - not working, so this is not a minus character.
:frowning:

C:\logstash\lib\logstash\version.rb says
LOGSTASH_VERSION = "1.4.1"

Someone have any ideas why wildcard is not working?
Thanks

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/8391119b-b30d-49f2-8133-1b46e4cc721c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

2

Have this in logstash log itself:

{:timestamp=>"2014-06-16T15:01:50.817000+0300",
:message=>"_discover_file_glob:
c:\apache\logs\localhost_access_log2.*.txt: glob is: []",
:level=>:debug,
:file=>"/logstash/vendor/bundle/jruby/1.9/gems/filewatch-0.5.1/lib/filewatch/watch.rb",
:line=>"117"}

It looks like logstash can't understand asterisk...

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/3ee56a55-304e-425c-9237-e46c37383ea1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

3

Done! Damn slashes! It should be as this, then glob search works fine: "/"

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9d2fb117-41ac-4616-9011-600c1d80c02e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.