filebeat.yml file
filebeat.prospectors:
type: log
"/home/ec2-user/logs/sas_logs/*.log"
logstash.conf file
input {http://localhost:9200 "
log format: 2018-07-09T16:20:30,799 INFO [00000006] :sasinst - NOTE: Copyright (c) 2016 by SAS Institute Inc., Cary, NC, USA.
When I run logstash, it is stuck at Pipeline Started. I'm not able to understand the issue.
Can anyone please help me ??
pierhugues
August 8, 2018, 6:02pm
2
Hello @Vijay_Chander , by looking at your filebeat configuration, I believe you have an indentation issue in your configuration and you also need to enable the logstash output.
filebeat.prospectors:
- type: log
paths:
- "/home/ec2-user/logs/sas_logs/*.log"
output.logstash:
enabled: true
hosts: ["localhost:5044"]
Also starting filebeat in debug mode should give us a a better idea is there is others issues, you can do that by running the following command:
./filebeat -v -e -d "*" -c ./myconfig.yml
1 Like
Hi @pierhugues ,
I've tried as you suggested but still no luck. Below is my filebeat log
2018-08-09T05:32:11.870Z DEBUG [input] log/input.go:175 input states cleaned up. Before: 5, After: 5, Pending: 0
logstash log
[2018-08-09T05:27:28,029][INFO ][logstash.inputs.beats ] Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}
Can you please suggest any other way??
pierhugues
August 9, 2018, 12:24pm
4
@Vijay_Chander lets concentrate on the Filebeat side, If you want filebeat with the options I've said in my previous comment the log should be a lot bigger. Can you include a more complete log?
system
September 6, 2018, 12:33pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.