Logstash does not do anything with file input but starts successfully

Elastic Stack Logstash
1

Hello All,

I have an issue where I cannot find what is goint on. I have a plain logstash config file:

input {
file {
path => [ "C:\Users\Administrator\Desktop\1.txt" ]
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
file {
path => "C:\Users\Administrator\Desktop\LogTest\test.log"
}
}

Here the contents of the 1.txt will not be read and put to elasticsearch nor into the file.
I have a FIrewall where it can stream logs to TCP/UDP and if I set the input to the appropriate port then I see the logs from the firewall in the test.log file and in Kibana.

Any help Appreciated.

All modules are on version 6.5.0

Thanks in advance!
Kind Regards,
Gergö

2

Of course it will not read your "1.txt" , cause in your Config file you do not have any filter , to match your "1.txt" log file.

3

dear samyo,

thanks for the input, what confuses me is that this:

input {
tcp {
port => 5002
}
udp {
port => 5002
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
file {
path => "C:\Users\Administrator\Desktop\LogTest\test.log"
}
}

works and the data stream arriving on that port will be added to the test.log file without any filter. but I'll make one and test it.

4

Use forward slash, not backslash, in filenames.

5

If the file 1.txt exists when you start Logstash it will "tail" from the end (it assumes that the existing contents are old and of no interest). If you want the full file to be read and then tailed use start_position => "beginning" BUT if you want to simply read a "done" file then read up on read mode here, the setting and this setting also.

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.