Logstash.conf location in Windows

Elastic Stack Logstash
1

Hi,

Have just started with ELK and following a couple of guides have got it working (I think). I am moving on to the next step of monitoring Exchange traffic and following this guide (it uses an older version) https://elijahpaul.co.uk/analysing-exchange-2013-message-tracking-logs-using-elk-elasticsearch-logstash-kibana/, but can't find the logstash.conf file in /etc/logstash/conf.d/.

I am using a Windows VM (I know the path above is for *Nix) and have installed:

  • elasticsearch 5.3.2
  • kibana 5.3.2
  • logstash 5.3.2
  • nssm 2.24

Could someone tell me where I can find logstash.conf, so I can add my inputs, filters and outputs?

Thanks
Tony

2

The link you provided mentions that you have to create and add the config file on your own as a "someconfig.conf"
In that you may provide the details required (input,filters,output) for you use case.
Make sure you dont save the file as .txt, it should be ".conf"

3

Thanks Karnamonkster. Where do I create them in a Windows file structure...the tutorial only provides *nix paths? My system in Windows.

4

You may create it on any partition on windows where logstash has access to.
I use the command line to parse a logfile for example:

F:\elkstack\logstash-5.4.0\bin>logstash -f C:\Users\somepath\Desktop\yourconfig.conf --debug

or you may refer to the following

5

Thanks again.

I have run the command (D:\ELK\logstash-5.3.2\bin\logstash -f D:\ELK\logstash-5.3.2\01-inputs.conf\exchange_msg_trk.conf --debug) and I get the following errors:
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.
Could not find log4j2 configuration at path /ELK/logstash-5.3.2/config/log4j2.properties. Using default config which logs to console

11:02:43.250 [LogStash::Runner] ERROR logstash.agent - Cannot load an invalid configuration {:reason=>"Something is wrong with your configuration.", backtrace=>["D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/config/mixin.rb:125:in config_init'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/outputs/base.rb:63:ininitialize'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/output_delegator_strategies/shared.rb:3:in initialize'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/output_delegator.rb:23:ininitialize'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/pipeline.rb:91:in plugin'", "(eval):147:ininitialize'", "org/jruby/RubyKernel.java:1079:in eval'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/pipeline.rb:60:ininitialize'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/pipeline.rb:139:in initialize'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/agent.rb:277:increate_pipeline'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/agent.rb:95:in register_pipeline'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/runner.rb:264:inexecute'", "D:/ELK/logstash-5.3.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:inrun'", "D:/ELK/logstash-5.3.2/logstash-core/lib/logstash/runner.rb:183:inrun'", "D:/ELK/logstash-5.3.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in run'", "D:\\ELK\\logstash-5.3.2\\lib\\bootstrap\\environment.rb:71:in(root)'"]}

Could you help with these?
Thanks

6

Solved. Changed the hosts section to
[ "localhost:9200" ]
and it's working great

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.