Logstash does not send apache logs to elasticsearch

for me the globe issue is gone but still no index is created. Need to dig more

Magnus, the host directory which contains the apache log file is not mounted into the container. I will try this and come back again

For me I have tried everything like permissions / checked path still no index created ... sigh

I do not understand why logstash able to parse the conf file from command line but not as service. I am out of ideas .. :frowning: any pointers ?

That sounds like a permissions problem. Increase the log level to debug and look for log entries with "glob" or "discover" in them.

But please, let's not talk about two problems in one thread. It gets very confusing.

as said earlier i have already checked permissions. Also i have put access_log to /tmp and gave it 777 permission still no luck

So, Vishal, you use the same configuration (same logstash.conf) as mine but without any docker containers and logstash still cannot send apache logs to elastic search

I am not using same config file but another one. So i have already some server running Elastic Stack version 2.4. I have taken apache config from there. No i am not running docker container

Hi
I have faced the same issue in Windows 7 and was getting the following in the console output infinitely, the permission was correct in my case. Then i changed the file name from filename_123.log to filename123.log and the index was created there after. I have no idea if the underscore (_) in the file name is the real culprit.

logstash.pipeline ] Pushing flush onto pipeline
logstash.pipeline ] Pushing flush onto pipeline
logstash.pipeline ] Pushing flush onto pipeline
logstash.inputs.file ] globbedfiles: D:\filename_123.log: glob is:

The same configuration seems to work in Ubuntu 16 ( file name with underscore )

Regards

IN my case, renaming my file from admin_access.log to adminAccess.log (underscore removed) didn't solve the problem

Hi
@themoisis
I was wrong, added the .xml to the filename in path => parameter, therefore i got the error. It was not due to any underscore related issues.

Guys, after mounting the apache log file in the docker container, i finally managed to see some log results in elasticsearch. So, my logstash.conf and my apache log are mounted in the logstash container. However, still in kibana the option to configure an index pattern is still disabled. Need to dig a bit (i hope) more

After matching the index from logstash.conf to the index in kibana (by creating a same index in kibana) i finally get also some logs in kibana. Not all the logs but i get some, so what's remaining is digging now in kibana and in logstash.conf filters, grok e.t.c.. So i guess my original problem is solved now. Thank you all!!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.