Logstash is not reading data

(uday kiran) #1

I installed ELK 5.3 version.

When I start logstash to read the file for first time/even fresh file its not reading the data.

If I un-comment start_position, then Logstash reading data. otherwise its not...

The following is the config,

input {
file {
path => "/var/log/tomcat/file.txt"

start_position => "beginning"

  sincedb_path => "/dev/null"
  ignore_older => 0

filter {
grok {
match => { "message" => "%{COMMONAPACHELOG}" }
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => "IP"
index => "logstash-%{+YYYY-MM-dd}"

Logstash running through command as follows,

./bin/logstash --path.settings /etc/logstash -f /path/Sample.conf

Please suggest if I miss anything


(Jordan Sissel) #2

Your ignore_older => 0 setting tells the file input to ignore any files older than 0 seconds, which will basically be every file. This may explain the behavior you are seeing.

I recommend removing this setting.

(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.