Hi there,
i have LS and ES are runing,but there is nothing printed in ES or LS.
this is pipeline config.
input {
file {
path => "access_log.txt"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
output {
elasticsearch {
hosts =>"localhost:9200"
}
stdout { codec => rubydebug }
}
My question is how can see the content of the file parsed.
thank you for your help
Try out just only debug part:
input {
file {
path => "access_log.txt"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
output {
stdout { codec => rubydebug }
}
If still no output, remove filter, it mean something is wrong with filter and nothing match.
pts0
Thank you @pts0 for your answer,i removed filter but i still get nothing.
note : i have those messages on:
logstash host : localhost:9600
host: "user",
version: "5.4.0",
http_address: "127.0.0.1:9600",
id: "03de77c0-a3be-4ff8-b77a-4c37686d4165",
name: "user",
build_date: "2017-04-28T18:14:40Z",
build_sha: "0037bc8cf2e9ff169bf5a08b1946c62dbeb92f9b",
build_snapshot: false
elasticsearch host:localhost:9200
name: "node1",
cluster_name: "elasticsearch",
cluster_uuid: "kKbMy9_LRw-CcELir6KcFQ",
version: {
number: "5.4.0",
build_hash: "780f8c4",
build_date: "2017-04-28T17:43:27.229Z",
build_snapshot: false,
lucene_version: "6.5.0"
},
tagline: "You Know, for Search"
I am grateful for your help.
Hi,
I have a similar problem, I'm trying to debug one of my logstash inputs by sending the output using "stdout" plugin. This is not working. The logstash log remains unchanged and there are no additional logs in the directory.
Any help, Elastic?
when i was using it was working, but is quite a while.
https://www.elastic.co/guide/en/logstash/current/plugins-outputs-stdout.html
maybe try plain sdtout, you may miss ruby library or somethis similar.
Can you start logstash in with high debug mode ?
bin/logstash --debug --log.level trace --config.debug
just to try, not in production
when i start the debug,i get those errors:
ERROR Unable to create file ${sys:ls.logs}/logstash-${sys:ls.log.format}.log java.io.IOException: La syntaxe du nom de fichier, de répertoire ou de volume est incorrecte
and in the end
No configuration file was specified. Perhaps you forgot to provide the '-f yourlogstash.conf' flag?
usage:
bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG]
bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace] [-w COUNT] [-l LOG]
bin/logstash -i SHELL [--log.level fatal|error|warn|info|debug|trace]
bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
bin/logstash --help
sure, i just provided the debug flags, please provide all others
i start this commande,i see only errors concerned log4j like this:
ERROR Unable to invoke factory method in class class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile. java.
please help.
where did you started it ? What your log4j config ... did u hv one ?
i starded it from commande line.i have no log4j.i think just the one which is embeded in logsatsh by default.
ok, was the wrong question, I mean in which directory are you and what is the command live u use to start.
i am in bin directory,i use the command:
logstash -f pipeline.conf --config.reload.automatic
is the file pipeline.conf in bin directory ? If not you should give the full qualified path oder relative to where you are (you probably don't need autorelad now).
Thank you verry much.its works now with
input {
beats {
port => "5043"
}
}
but doesn't work with
input {
file {
path => "access_log.txt"
}
}Probably same problem, file should be with full path, if not is not found.
Yes,it is possible.Thank you for your Joinability.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.