HI,
I installed ELK 5.3 version.
When I start logstash to read the file for first time/even fresh file its not reading the data.
If I un-comment start_position, then Logstash reading data. otherwise its not...
The following is the config,
input {
file {
path => "/var/log/tomcat/file.txt"
start_position => "beginning"
sincedb_path => "/dev/null"
ignore_older => 0
}
}
filter {
grok {
match => { "message" => "%{COMMONAPACHELOG}" }
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => "IP"
index => "logstash-%{+YYYY-MM-dd}"
}
}
Logstash running through command as follows,
./bin/logstash --path.settings /etc/logstash -f /path/Sample.conf
Please suggest if I miss anything
Thanks,
Uday.K