Logstash Elasticsearch Input

vishakh · May 6, 2021, 7:49pm

I'm trying to extract (or) export logs from Elasticsearch via Logstash
I would like to write the extracted logs to a file

input {
  elasticsearch {
    hosts => "elasticsearch.domain.com:9200"
    query => '{ "size": 5, "query": { "match": { "host.ip": "10.1.1.1"} } }'
    size => 5
    user => "<username>"
    password => "<password>"
    scroll => "1m"
    ca_file => "/etc/logstash/certs/ca.crt"
    ssl => true
    index => "winlogbeat-7.10*"
   }
}
output {
  file {
    path => "/var/log/logstash/search-output.txt"
    codec => line
   }
}

vishakh · May 6, 2021, 7:53pm

Below is the output from the pipeline execution

vishakh · May 6, 2021, 7:54pm

After the execution, I don't see the log-extracted written into a log file

Badger · May 6, 2021, 9:52pm

Please do not post pictures of text. They are hard to read (and some folks will be unable to read them at all) and impossible to search. Just post the text. If the text is too big post a link to a gist on github or similar text sharing site.

Topic		Replies	Views
Logstash to pull logs from Elasticsearch input Logstash	1	245	March 25, 2020
Logstash not able to read data from elasticsearch Logstash	2	837	August 19, 2017
Not able to feed log file to Elasticsearch through Logstash Logstash	2	889	July 6, 2017
Unable to see logs in Elasticsearch from logstash Logstash	9	588	November 8, 2023
Elasticsearch's output to logstash Elasticsearch	6	410	July 19, 2019

Logstash Elasticsearch Input

Related topics