Logstash not reading my file, no sincedb file being created either

Rohan_Tirumale · June 9, 2016, 5:53pm

I am using logstash 2.0 and this is my config file. For some reason the file isnt being read, but I am able to feed it an input using stdin, for which it shows me a result.

input {
file{
path => "/home/finalelkcut/logs/t2.log"
sincedb_path => "/home/finalelkcut/logs/.sincedb*"
start_position => "beginning"
}
stdin{}
}

filter{
grok{
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => ["timestamp" , "dd/MMM/yyyy:HH:mm:ss Z"]
}

}
output {
stdout{ codec => rubydebug}
elasticsearch {
hosts => "10.61.157.79:9200"

}

magnusbaeck · June 14, 2016, 6:26pm

If the input file is older than 24 hours you need to adjust ignore_older.

sincedb_path => "/home/finalelkcut/logs/.sincedb*"

The * doesn't make sense unless you really want Logstash to create a file named .sincedb*.