Logstash not creating index on elasticsearch

Elastic Stack Logstash
1

Hello,
I have ElasticSearch and Logstash installed on same machine(Ubuntu).
I have the below apache_logs.conf file contents:

input {
file {
path => "/var/log/apache_logs"
type => "apache_log" # a type to identify those logs (will need this later)
start_position => "beginning"
}
}

filter {
grok {
match=> { message => "%{COMBINEDAPACHELOG}" }
}
date {
locale => "en"
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

output {
stdout { }
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "myLogs"

}

}

The command --> sudo service logstash configtest returns "Configuration OK"
The log file is placed in "/var/log/apache_logs"
However, indices are not getting created in elasticsearch and hence not reflected in kibana.
Could you please point out if I have missed out on any settings.

2

So /var/log/apache_logs is a directory rather than a file? Point directly to the file, or a wildcard that includes the file you want to read.

3

Hello,
Thank you for the response. I mentioned path as /var/log/apache_logs wherein apache_logs is the name of the log file.

4

Okay. Logstash is probably tailing the file. In that case clearing the sincedb file will help. Please read the file input documentation and check the numerous posts about this in the past. Increasing Logstash's log level will give more clues about what it's doing.

5

Okay, so I used the below in the file block:
file {
path => "/var/log/apache_logs"
type => "apache_log" # a type to identify those logs (will need this later)
start_position => "beginning"
sincedb_path => "/dev/null" #to clear since db
}

and it worked!
Thank you

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.