I have written a logstash conf file to read through logs. It run fine when I specify the log path to a single file. However, if I made it to *.log, it can't run any files. How can I resolve it?
Here is the one which works.
input{
stdin{}
file{
type => "txt"
path => "C:\HA\accesslog\trial.log"
start_position => "beginning"
}
}
filter{
grok{
match => {"message" => ["%{IP:ClientAddr}%{SPACE}%{NOTSPACE:access_date}%{SPACE}%{TIME:access_time}%{SPACE}%{NOTSPACE:VirtualHost}%{SPACE}%{WORD:cs-method}%{SPACE}%{PATH:cs-uri-stem}%{SPACE}%{PROG:Protocol}%{SPACE}%{NUMBER:sc-status}%{SPACE}%{NUMBER:bytes}%{SPACE}%{NOTSPACE:RequestedSessionId}%{SPACE}%{PROG:Ecid}%{SPACE}%{NUMBER:ThreadId}%{SPACE}%{NUMBER:EndTs}%{SPACE}%{NUMBER:time-taken}"]}
}
if "_grokparsefailure" in [tags] {
drop { }
}
}
output{
elasticsearch {
hosts => ["localhost:9200"]
index => "logstash-%{+YYYY.MM.dd}"
template_overwrite => true
}
stdout { codec => rubydebug }
}
When I change path to
path => "C:\HA\accesslog*.log"
It could not work.