Hi,
I am facing some issue, Logstash config is not pushing the data to elasticsearch, can anyone help me to solve this issue?, very first time it runs well when I am trying second time it's not working
input {
jdbc {
jdbc_driver_library => "C:\EKL\MSSQL_Driver\sqljdbc_6.0\enu\jre8\sqljdbc42.jar"
jdbc_driver_class => "com.microsoft.sqlserver.jdbc.SQLServerDriver"
jdbc_connection_string => "jdbc:sqlserver://SE128023:1433;databaseName=dev_IT;schema=dbo"
#clean_run => true
last_run_metadata_path => "${LOGSTASH_HOME}\.logstash_jdbc_last_run"
jdbc_user => "esuser"
jdbc_password => "esuser123"
schedule => "0 0-59 0-23 * * *"
tracking_column => "processenddatetime"
tracking_column_type => "timestamp"
jdbc_default_timezone => "America/Toronto"
statement_filepath => "C:\Users\Downloads\EKL\DoubleLog\logstash-6.2.2\config\db.txt"
jdbc_paging_enabled => "true"
jdbc_page_size => "10000"
type => "statusdescription"
}
}
filter {
#date {
# timezone => "America/New_York"
# match => [ "enddatetime", "dd/MMM/yyyy:HH:mm:ss Z", "yyyy-MM-dd HH:mm:ss.SSSZ" ]
# target => [ "enddatetime" ]
# }
}
output {
elasticsearch {
hosts => "http://localhost:9200"
index => "%{type}-%{+YYYY.MM.dd}"
document_id => "%{sessionnumber}-%{seqnum}"
doc_as_upsert => "true"
}
stdout{codec =>rubydebug}
}
OUTPUT
PS C:\Users\Downloads\EKL\DoubleLog\logstash-6.2.2\bin> .\logstash -f "C:\Users\328347935\Downloads\EKL\Double
Log\logstash-6.2.2\config\database.config"
Sending Logstash's logs to C:/Users/328347935/Downloads/EKL/DoubleLog/logstash-6.2.2/logs which is now configured via lo
g4j2.properties
[2018-03-26T09:39:00,752][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>
"C:/Users/328347935/Downloads/EKL/DoubleLog/logstash-6.2.2/modules/fb_apache/configuration"}
[2018-03-26T09:39:00,768][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"C
:/Users/328347935/Downloads/EKL/DoubleLog/logstash-6.2.2/modules/netflow/configuration"}
[2018-03-26T09:39:00,986][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or
command line options are specified
[2018-03-26T09:39:01,668][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.2.2"}
[2018-03-26T09:39:02,137][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-03-26T09:39:08,349][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=
4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-03-26T09:39:08,781][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[
], :added=>[http://localhost:9200/]}}
[2018-03-26T09:39:08,797][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connect
ion is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2018-03-26T09:39:08,971][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://local
host:9200/"}
[2018-03-26T09:39:09,033][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>nil}
[2018-03-26T09:39:09,033][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: thetypeevent fiel
d won't be used to determine the document _type {:es_version=>6}
[2018-03-26T09:39:09,034][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-03-26T09:39:09,081][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"tem
plate"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynami
c_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "
norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>
false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"
}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=
"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-03-26T09:39:09,112][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::E
lasticSearch", :hosts=>["http://localhost:9200"]}
[2018-03-26T09:39:09,518][INFO ][logstash.pipeline ] Pipeline started succesfully {:pipeline_id=>"main", :thread=
"#<Thread:0x2fb2f343 sleep>"}
[2018-03-26T09:39:09,611][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
[2018-03-26T09:40:02,405][INFO ][logstash.inputs.jdbc ] (0.063000s) SELECT CAST(SERVERPROPERTY('ProductVersion') AS
varchar)
[2018-03-26T09:40:02,873][INFO ][logstash.inputs.jdbc ] (0.250000s) SELECT TOP (1) count() AS [COUNT] FROM (select
L.,