HI ALL,
I am trying to load some sample data set to elasticsearch using logstash. But I am not sure if this is working, when i run my config file from command prompt ,log stash stops at this point and doesn't give any information if it has loaded the data. Please advice.
Config file:
input {
file {
path => "C:\Users\yuvaraja.kannan\Documents\server_log.csv"
start_position => "beginning"
sincedb_path=>"/dev/null"
}
}
filter {
csv {
separator => ","
columns => [ "processname", "robot", "total_exec_time_minutes" ,"date" ]
}
mutate {convert => ["total_exec_time_minutes","integer"] }
}
output {
elasticsearch{
hosts=> "localhost"
index=>"process_time"
document_type=>"process_execution_time"
}
}
Command prompt:
C:\Users\yuvaraja.kannan\Documents\logstash-6.2.3\bin>logstash -f logstash_process.config
Sending Logstash's logs to C:/Users/yuvaraja.kannan/Documents/logstash-6.2.3/logs which is now configured via log4j2.properties
[2018-04-02T23:31:37,687][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"C:/Users/yuvaraja.kannan/Documents/logstash-6.2.3/modules/fb_apache/configuration"}
[2018-04-02T23:31:37,709][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"C:/Users/yuvaraja.kannan/Documents/logstash-6.2.3/modules/netflow/configuration"}
[2018-04-02T23:31:37,804][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"C:/Users/yuvaraja.kannan/Documents/logstash-6.2.3/data/queue"}
[2018-04-02T23:31:37,813][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"C:/Users/yuvaraja.kannan/Documents/logstash-6.2.3/data/dead_letter_queue"}
[2018-04-02T23:31:37,957][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-04-02T23:31:37,997][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"a3ab481c-a689-46f1-b036-7af1d3198086", :path=>"C:/Users/yuvaraja.kannan/Documents/logstash-6.2.3/data/uuid"}
[2018-04-02T23:31:38,808][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.2.3"}
[2018-04-02T23:31:39,326][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-04-02T23:31:42,106][WARN ][logstash.outputs.elasticsearch] You are using a deprecated config setting "document_type" set in elasticsearch. Deprecated settings will continue to work, but are scheduled for removal from logstash in the future. Document types are being deprecated in Elasticsearch 6.0, and removed entirely in 7.0. You should avoid this feature If you have any questions about this, please visit the #logstash channel on freenode irc. {:name=>"document_type", :plugin=><LogStash::Outputs::ElasticSearch hosts=>[//localhost], index=>"process_time", document_type=>"process_execution_time", id=>"f38f850df82ae9a02af101771cf817e92adcecdcd5b6b84b3c45be83d68bde39", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_644335d6-a981-467b-852d-f3259c60cb8a", enable_metric=>true, charset=>"UTF-8">, workers=>1, manage_template=>true, template_name=>"logstash", template_overwrite=>false, doc_as_upsert=>false, script_type=>"inline", script_lang=>"painless", script_var_name=>"event", scripted_upsert=>false, retry_initial_interval=>2, retry_max_interval=>64, retry_on_conflict=>1, action=>"index", ssl_certificate_verification=>true, sniffing=>false, sniffing_delay=>5, timeout=>60, pool_max=>1000, pool_max_per_route=>100, resurrect_delay=>5, validate_after_inactivity=>10000, http_compression=>false>}
[2018-04-02T23:31:42,250][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-04-02T23:31:42,984][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2018-04-02T23:31:43,001][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2018-04-02T23:31:43,342][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2018-04-02T23:31:43,462][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>6}
[2018-04-02T23:31:43,469][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2018-04-02T23:31:43,495][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-04-02T23:31:43,531][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-04-02T23:31:43,596][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost"]}
[2018-04-02T23:31:44,627][INFO ][logstash.pipeline ] Pipeline started succesfully {:pipeline_id=>"main", :thread=>"#<Thread:0x52f6fb run>"}
[2018-04-02T23:31:44,818][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}