Logstash on linux machine to read files from remote Windows folder

gukutini · March 26, 2021, 9:41am

I have logstash installed on ubuntu machine and use file input to read log files.
I need read files from remote folder of Windows machine.

For more convenience I mounted
remote folder of Windows machine to my Ubuntu folder.
Now I can read mounted folder with any linux user.
Mounted folder has permissions 755.

But logstash "file input" doesn't see any files in this folder.
Currently I have simple logstash config.

input {
  file {
    path => ["/home/mount/test/*"]
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
output {
  stdout {codec => "rubydebug"}
}

Here:
/home/mount/test - mount folder. I see here all files from Windows remote machine.
Could anyone help me with this problem?
How logstash on linux machine can read files from remote Windows folder?

Badger · March 26, 2021, 4:29pm

I suggest setting log.level to trace and see what the filewatch module logs.

gukutini · March 29, 2021, 9:05am

I put trace in log.level.
But I don't see any information about a problem.
Just:

[logstash.agent           ] Successfully started Logstash API endpoint {:port=>9601}
[org.logstash.secret.store.SecretStoreFactory] Attempting to exists or secret store with implementation: org.logstash.secret.store.backend.JavaKeyStore
[org.reflections.Reflections] going to scan these urls:
jar:file:/usr/share/logstash/logstash-core/lib/jars/logstash-core.jar!/
[org.reflections.Reflections] Reflections took 64 ms to scan 1 urls, producing 23 keys and 47 values

....

    [org.logstash.execution.PeriodicFlush][main] Pushing flush onto pipeline.
    [logstash.instrument.periodicpoller.jvm] collector name {:name=>"ParNew"}
    [logstash.instrument.periodicpoller.jvm] collector name {:name=>"ConcurrentMarkSweep"}

Badger · March 29, 2021, 4:48pm

If you successfully set log.level to trace you should be seeing voluminous messages like

[2019-07-30T13:18:09,564][TRACE][filewatch.tailmode.handlers.createinitial] handle_specifically opened file handle: 89, path: test.log.1
[2019-07-30T13:18:09,660][TRACE][filewatch.tailmode.handlers.createinitial] add_new_value_sincedb_collection {"position"=>0, "watched_file details"=>"<FileWatch::WatchedFile: @filename='test.log.1', @state='active', @recent_states='[:watched, :watched]', @bytes_read='0', @bytes_unread='4', current_size='4', last_stat_size='4', file_open?='true', @initial=true, @sincedb_key='8420933 0 51713'>"}
[2019-07-30T13:18:09,712][TRACE][filewatch.tailmode.processor] Active - file grew: test.log.1: new size is 4, bytes read 0

system · April 26, 2021, 4:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reading logs from remote OS Logstash	2	351	January 11, 2018
Using logstash File Input to monitor files on a network share Logstash	3	4364	July 6, 2017
Logstash - Reading files from Windows Network Share Logstash windows	5	806	January 11, 2023
Logstash to read file using ftp Logstash	4	3232	January 27, 2017
Read remote file using file input Logstash	8	1355	December 24, 2019

Logstash on linux machine to read files from remote Windows folder

Related Topics