I am trying to get FileBeat working with Logstash, but not having much luck. I decided to see if I could simply get Logstash to take in JSON files and dump them to Elasticsearch.
I started with a basic console to Elasticsearch, which works:
input {
stdin { }
}
output {
stdout { }
elasticsearch { hosts => ["localhost:9200"] }
}
When I try to read .json files from a folder, nothing happens:
input {
file {
type => "json"
path => "C:/Elasticsearch5/elasticsearch/data/*.json"
}
}
filter {
json {
source => "message"
}
}
output {
stdout {}
elasticsearch {
hosts => ["localhost:9200"]
codec => "json"
}
}
This is the type of output that just keeps repeating itself:
[pool-2-thread-7] DEBUG logstash.instrument.collector - Collector: Sending snapshot to observers {:created_at=>2016-12-12 08:55:29 -0500}
[[main]<file] DEBUG logstash.inputs.file - each: file grew: C:/Elasticsearch5/elasticsearch/data/1AB.json: old size 0, new size 32
[[main]<file] DEBUG logstash.inputs.file - each: file grew: C:/Elasticsearch5/elasticsearch/data/2AM.json: old size 0, new size 24
[[main]<file] DEBUG logstash.inputs.file - each: file grew: C:/Elasticsearch5/elasticsearch/data/3RK.json: old size 0, new size 23
[pool-2-thread-4] DEBUG logstash.instrument.collector - Collector: Sending snapshot to observers {:created_at=>2016-12-12 08:55:30 -0500}
[[main]<file] DEBUG logstash.inputs.file - each: file grew: C:/Elasticsearch5/elasticsearch/data/1AB.json: old size 0, new size 32
[[main]<file] DEBUG logstash.inputs.file - each: file grew: C:/Elasticsearch5/elasticsearch/data/2AM.json: old size 0, new size 24
[[main]<file] DEBUG logstash.inputs.file - each: file grew: C:/Elasticsearch5/elasticsearch/data/3RK.json: old size 0, new size 23
[pool-2-thread-7] DEBUG logstash.instrument.collector - Collector: Sending snapshot to observers {:created_at=>2016-12-12 08:55:31 -0500}
[Ruby-0-Thread-15: C:/Elasticsearch5/logstash-5.0.2/logstash-core/lib/logstash/pipeline.rb:455] DEBUG logstash.pipeline - Pushing flush onto pipeline