Logstash + Elasticsearch + Windows Server

Vakhtang_Badzhadze · March 17, 2016, 10:28am

Hi ?
I have windows server 2012 and installed logstash 2.2 and elastic 2.2 on it.
Log stash config:

input {
file {
start_position => "beginning"
type => "log4net"
path => ["D:/Other Programms/ELK/logstash/bin/logs/log.log"]
}
}
filter {
if [type] == "log4net" {
grok {
pattern => ["%{TIMESTAMP_ISO8601:sourceTimestamp} [%{DATA:threadId}] %{LOGLEVEL:level} %{WORD:logger}"]
}
}
}

output {
stdout {
codec => line {
format => " Hello - %{sourceTimestamp}. "
}
}
file {
path => ["D:/Other Programms/ELK/logstash/bin/logs/test.log"]
}
elasticsearch {
hosts => ["localhost:9200"]
index => "Logs"
}
}
Logstash starting and work, but i cant find logs in elasticstash !

elasticstash works

warkolm · March 18, 2016, 4:35am

It's probably this - https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html#plugins-inputs-file-sincedb_path

Find the sincedb file, delete it and then restart LS.

magnusbaeck · March 19, 2016, 3:26pm

Also check out the ignore_older option if the input file is older than 24 hours.