Logstash does not read Files

YannickWeber · March 22, 2018, 8:49am

Hello,

I am new to Logstash and I am trying to read my logfiles. While I can parse single logs using stdin logstash does not seem to scan the configured files.

my .config file looks like this:

input {
file {
path => ["D:\Logs*.txt"]
start_position => "beginning"
ignore_older => 3600
}
}
filter {
grok {
match => { "message" => "\A%{BIND9_TIMESTAMP:dns_timestamp} client <%{BACULA_HOST:IntOrExt}_%{USER:User}>#%{INT:Int}: query: %{HOSTNAME:hostname} %{CRON_ACTION:Action}+"}
}
date {
match => ["dns_timestamp", "dd-MMM-yyyy HH:mm:ss.SSS"]
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "wabern"
}
stdout {
}
}

xmatt · March 22, 2018, 9:44am

I'd suggest using Filebeat for this which will follow log files perfectly, including ones that are automatically rolled over.

Best of luck!

magnusbaeck · March 22, 2018, 10:23am

path => ["D:\Logs*.txt"]

I think you need to use forward slashes instead of backslashes.

YannickWeber · March 23, 2018, 8:45am

Thank you very much, this did the trick.

Topic		Replies	Views
Reading a file with file input Logstash	7	440	September 14, 2019
Logstash does not do anything with file input but starts successfully Logstash	5	537	April 9, 2019
Logstash in reading files issues Logstash	3	953	July 6, 2017
Logstash is not reading all the logs Logstash	3	1964	July 6, 2017
Logstash not reading files changes Logstash	3	360	October 18, 2019

Logstash does not read Files

Related topics