Logstash does not read Files

Hello,

I am new to Logstash and I am trying to read my logfiles. While I can parse single logs using stdin logstash does not seem to scan the configured files.

my .config file looks like this:

input {
file {
path => ["D:\Logs*.txt"]
start_position => "beginning"
ignore_older => 3600
}
}
filter {
grok {
match => { "message" => "\A%{BIND9_TIMESTAMP:dns_timestamp} client <%{BACULA_HOST:IntOrExt}_%{USER:User}>#%{INT:Int}: query: %{HOSTNAME:hostname} %{CRON_ACTION:Action}+"}
}
date {
match => ["dns_timestamp", "dd-MMM-yyyy HH:mm:ss.SSS"]
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
index => "wabern"
}
stdout {
}
}

I'd suggest using Filebeat for this which will follow log files perfectly, including ones that are automatically rolled over.

Best of luck!

path => ["D:\Logs*.txt"]

I think you need to use forward slashes instead of backslashes.

Thank you very much, this did the trick.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.