I am trying to input logs from my server log file. This is my config file.
input {
file {
path => "/oncology-server/log/service.log"
start_position => "beginning"
}
}
filter {
json {
source => "message"
remove_field => ["message"]
}
}
output {
stdout { codec => rubydebug }
elasticsearch { host => localhost }
}
Nothing shows up in elastic search however. Any help?
Does anything show in stdout?
this is what stdout says, with elastic search running in the background:
pa4tsp3w10pm:bin tempadmin$ ./logstash -f logstash-json6-filter.conf
Jun 17, 2015 9:34:49 AM org.elasticsearch.node.internal.InternalNode
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] version[1.5.1], pid[1033], build[5e38401/2015-04-09T13:41:35Z]
Jun 17, 2015 9:34:49 AM org.elasticsearch.node.internal.InternalNode
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] initializing ...
Jun 17, 2015 9:34:49 AM org.elasticsearch.plugins.PluginsService
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] loaded [], sites []
Jun 17, 2015 9:34:55 AM org.elasticsearch.node.internal.InternalNode
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] initialized
Jun 17, 2015 9:34:55 AM org.elasticsearch.node.internal.InternalNode start
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] starting ...
Jun 17, 2015 9:34:55 AM org.elasticsearch.transport.TransportService doStart
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] bound_address {inet[/0:0:0:0:0:0:0:0:9301]}, publish_address {inet[/10.1.19.125:9301]}
Jun 17, 2015 9:34:55 AM org.elasticsearch.discovery.DiscoveryService doStart
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] elasticsearch/UQf8QITqRRqdUsyqVCK-iw
[2015-06-17 09:34:58,885][INFO ][cluster.service ] [Baron Brimstone] added {[logstash-pa4tsp3w10pm.my.company.com-1033-9786][UQf8QITqRRqdUsyqVCK-iw][pa4tsp3w10pm.my.company.com][inet[/10.1.19.125:9301]]{data=false, client=true},}, reason: zen-disco-receive(join from node[[logstash-pa4tsp3w10pm.my.company.com-1033-9786][UQf8QITqRRqdUsyqVCK-iw][pa4tsp3w10pm.my.company.com][inet[/10.1.19.125:9301]]{data=false, client=true}])
Jun 17, 2015 9:34:59 AM org.elasticsearch.cluster.service.InternalClusterService$UpdateTask run
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] detected_master [Baron Brimstone][HDV1qln6TQWqCIqG9te7Dw][pa4tsp3w10pm.my.company.com][inet[/10.1.19.125:9300]], added {[Baron Brimstone][HDV1qln6TQWqCIqG9te7Dw][pa4tsp3w10pm.my.company.com][inet[/10.1.19.125:9300]],}, reason: zen-disco-receive(from master [[Baron Brimstone][HDV1qln6TQWqCIqG9te7Dw][pa4tsp3w10pm.my.company.com][inet[/10.1.19.125:9300]]])
Jun 17, 2015 9:34:59 AM org.elasticsearch.node.internal.InternalNode start
INFO: [logstash-pa4tsp3w10pm.my.company.com-1033-9786] started
Logstash startup completed
^Z
[2]+ Stopped ./logstash -f logstash-json6-filter.conf
pa4tsp3w10pm:bin tempadmin$ ls[2015-06-17 09:36:47,021][INFO ][cluster.service ] [Baron Brimstone] removed {[logstash-pa4tsp3w10pm.my.company.com-1033-9786][UQf8QITqRRqdUsyqVCK-iw][pa4tsp3w10pm.my.company.com][inet[/10.1.19.125:9301]]{data=false, client=true},}, reason: zen-disco-node_failed([logstash-pa4tsp3w10pm.my.company.com-1033-9786][UQf8QITqRRqdUsyqVCK-iw][pa4tsp3w10pm.my.company.com][inet[/10.1.19.125:9301]]{data=false, client=true}), reason failed to ping, tried [3] times, each with maximum [30s] timeout
I meant stdout, the one defined in your config.
But it looks like LS cannot talk to ES, try switching to the HTTP protocol and see if that help.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.