Logstash does not send apache logs to elasticsearch

Vishal_Sharma1 · June 27, 2017, 6:06pm

for me the globe issue is gone but still no index is created. Need to dig more

themoisis · June 28, 2017, 7:44am

Magnus, the host directory which contains the apache log file is not mounted into the container. I will try this and come back again

Vishal_Sharma1 · June 28, 2017, 8:14am

For me I have tried everything like permissions / checked path still no index created ... sigh

Vishal_Sharma1 · June 28, 2017, 10:22am

I do not understand why logstash able to parse the conf file from command line but not as service. I am out of ideas .. any pointers ?

magnusbaeck · June 28, 2017, 11:02am

That sounds like a permissions problem. Increase the log level to debug and look for log entries with "glob" or "discover" in them.

But please, let's not talk about two problems in one thread. It gets very confusing.

Vishal_Sharma1 · June 28, 2017, 11:22am

as said earlier i have already checked permissions. Also i have put access_log to /tmp and gave it 777 permission still no luck

themoisis · June 28, 2017, 1:58pm

So, Vishal, you use the same configuration (same logstash.conf) as mine but without any docker containers and logstash still cannot send apache logs to elastic search

Vishal_Sharma1 · June 28, 2017, 2:01pm

I am not using same config file but another one. So i have already some server running Elastic Stack version 2.4. I have taken apache config from there. No i am not running docker container

Makra · June 28, 2017, 2:12pm

Hi
I have faced the same issue in Windows 7 and was getting the following in the console output infinitely, the permission was correct in my case. Then i changed the file name from filename_123.log to filename123.log and the index was created there after. I have no idea if the underscore (_) in the file name is the real culprit.

logstash.pipeline ] Pushing flush onto pipeline
logstash.pipeline ] Pushing flush onto pipeline
logstash.pipeline ] Pushing flush onto pipeline
logstash.inputs.file ] globbedfiles: D:\filename_123.log: glob is:

The same configuration seems to work in Ubuntu 16 ( file name with underscore )

Regards

themoisis · June 28, 2017, 2:36pm

IN my case, renaming my file from admin_access.log to adminAccess.log (underscore removed) didn't solve the problem

Makra · June 28, 2017, 3:33pm

Hi
@themoisis
I was wrong, added the .xml to the filename in path => parameter, therefore i got the error. It was not due to any underscore related issues.

themoisis · June 28, 2017, 3:33pm

Guys, after mounting the apache log file in the docker container, i finally managed to see some log results in elasticsearch. So, my logstash.conf and my apache log are mounted in the logstash container. However, still in kibana the option to configure an index pattern is still disabled. Need to dig a bit (i hope) more

themoisis · June 29, 2017, 9:45am

After matching the index from logstash.conf to the index in kibana (by creating a same index in kibana) i finally get also some logs in kibana. Not all the logs but i get some, so what's remaining is digging now in kibana and in logstash.conf filters, grok e.t.c.. So i guess my original problem is solved now. Thank you all!!

system · July 27, 2017, 9:45am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.