Hi,
My logstash conf file is
input {
file {
type => "name1"
path => "/var/log/alerts.json"
codec => "json"
}
}
filter {
}
output {
#stdout { codec => rubydebug }
elasticsearch {
hosts => ["127.0.0.1:9200"]
index => "ossec-%{+YYYY.MM.dd}"
document_type => "osq"
template => "/etc/logstash/xys.json"
template_name => "xyz"
}
}
For the first time ,new index got created but with time new rows gets added in /var/log/alerts.json file ,but our logstash service is not pushing new data to ES an don ES it show only one index and no new data .
Please Help
Thanks
Gaurav
To debug, disable your elasticsearch output and enable the currently commented out stdout output. Append a line to /var/log/alerts.json:
echo '{"message": "test"}' >> /var/log/alerts.json
What happens?
Nothing happend .The message got appended in my log file but nothing on my console
Okay. Enable at least verbose logs by starting Logstash with --verbose and check the logs for clues. It'll tell you which files the filename pattern expands to (should of course be exactly one in this case) and whether it has any trouble opening the file.
I am running logstash as 'service logstash start' and how should i enable verbose here and where should i see logs
Is there any .sincedb issue
I am running logstash as 'service logstash start' and how should i enable verbose here
See /etc/sysconfig/logstash or /etc/default/logstash depending on your distribution.
and where should i see logs
I'm confused. You said there was nothing produced by the stdout output and now you don't seem to know where the logs are. So you're starting Logstash with service logstash start? Exactly how did you determine that nothing happened when you appended a line to the .json file?
Is there any .sincedb issue
Probably not since we're appending new data.
more logstash.log
{:timestamp=>"2016-07-20T17:52:32.612000+0530", :message=>"Pipeline main started
"}
And where is this logstash.log file?
under /etc/default/logstash
I have tried all the option ..Help highly appreciated
under /etc/default/logstash
What? That's not where any sanely configured Logstash stores its log. When you start Logstash as a service it'll send its logs to the /var/log/logstash directory.