plz explain it .how?
Go here - https://discuss.elastic.co/c/logstash - Click New Thread.
i create it.
Perfect Answer! Saved me a whole lot of time. If it were on stack over flow I would have done a +1.
Thank you
For ignore_older it says By default, this option is disabled, but that doesn't seem to be the case. I had trouble getting logstash to see a file, and touching it fixed it.
For ignore_older it says By default, this option is disabled, but that doesn't seem to be the case.
It was disabled on the master branch about a week ago, but it's definitely still in effect in 2.x. Haven't checked 5.0.
I should have specified, I'm using 5.0.0.
Is there a setting for this that will make it process the file no matter how old it is?
Setting ignore_older to 0 (zero) should disable the feature.
Here logstash is able to create logs but is not creating index in elastic search.
This is my log-config file
input {
tcp {
port => 5022
type => "syslog"
}
udp {
port => 5022
type => "syslog"
}
}
output {
elasticsearch {
hosts => ["192.168.1.103:9200"]
user => "elastic"
password => "changeme"
index => "logstash-%{+YYYY.MM.dd}"
}
stdout { codec => "rubydebug" }
}
Can anyone help me with thid
@honey, please start a new thread for your question instead of trying to resurrect an old one.
1 Like
I meet the same problem, my solution is updating the log document: vim that document, and then wq. haha, logstash print out what i want.
Sorry for the bad Chinglish, lol.