hi...
when i run logstash config file .it display output but when we run it again then no output displayed.
its new for me.
i installed logstash 2.2,elasticsearch 2.2 and kibana 1.4.
plz reply soon .its urgent.
plz reply soon.
when i run logstash config file .it display output but when we run it again then no output displayed.
It's completely impossible to help without any details. What's your configuration, for example?
plz reply soon.
Have patience. If patience is scarce there are paid support subscriptions. Regardless of what channel you use to get help, you must realize that it's in your best interest to ask as clear of a question as possible.
ok.
my config file is:-
input {
file {
path => "/etc/record.csv"
start_position => "beginning"
}
}
output{
stdout{ codec => rubydebug}
}
/opt/logstash/bin/logstash -f first.conf -v
Settings: Default pipeline workers: 1
Registering file input {:path=>["/etc/record.csv"], :level=>:info}
No sincedb_path set, generating one based on the file path {:sincedb_path=>"/home/sab/.sincedb_166abf361ebae2343c43ab4612b6db74", :path=>["/etc/record.csv"], :level=>:info}
Starting pipeline {:id=>"base", :pipeline_workers=>1, :batch_size=>125, :batch_delay=>5, :max_inflight=>125, :level=>:info}
Pipeline started {:level=>:info}
Logstash startup completed
^CSIGINT received. Shutting down the pipeline. {:level=>:warn}
Closing inputs {:level=>:info}
Closed inputs {:level=>:info}
Input plugins stopped! Will shutdown filter/output workers. {:level=>:info}
Pipeline shutdown complete. {:level=>:info}
Logstash shutdown completed
when i use this command:-cat /etc/record.csv |/opt/logstash/bin/logstash -f first.conf -v
it works properly.
and my config file is:-
input {
stdin{}
}
output{
stdout{ codec => rubydebug}
}
Presumably the sincedb file (whose path is in the log) indicates that Logstash already has processed the file in question. In that case you have to delete the sincedb file to have Logstash process the file again.
beat installation is necessary for viewing data in elk.
can we view pcap data in elk.
No, it's not.
I have seen people do this, I am sure if you run a search on the net for the topic you will find something.
i create config file and works properly and its data display in kibana.but when i run it again then no changes display
ok.thanks
my config file is
input {
file {
path => "/Desktop/datacsv.csv"
start_position => "beginning"
sincedb_path => "/home/sab/null"
}
}
output {
stdout{codec => rubydebug}
}
output is:-
Registering file input {:path=>["/Desktop/datacsv.csv"], :level=>:info}
Pipeline started {:level=>:info}
Logstash startup completed
^CSIGINT received. Shutting down the pipeline. {:level=>:warn}
Sending shutdown signal to input thread {:thread=>#<Thread:0x70d1319 sleep>, :level=>:info}
Plugin is finished {:plugin=><LogStash::Outputs::Stdout codec=><LogStash::Codecs::RubyDebug metadata=>false>, workers=>1>, :level=>:info}
Pipeline shutdown complete. {:level=>:info}
when i run :-
cat /etc/datacsv.csv | /opt/logstash/bin/logstash -f newf.conf -v
config file is:-
input {
stdin{}
}
filter {
csv {
separator => ","
columns => ["No.","Time","Source","Destination","Protocol","Length","Info"]
}
mutate {convert => ["Source", "float"]}
mutate {convert => ["Destination", "float"]}
mutate {convert => ["Protocol", "float"]}
}
output {
stdout{codec => rubydebug}
}
output display correctly.
sincedb_path => "/home/sab/null"
Was your intention with this to disable sincedb? It doesn't. Use /dev/null if you want to disable sincedb.