Hi,
I am trying to debug logstash; therefore, I need it's debug logs but couldn't find any. In fact, I moved the ELK stack from one Windows box to another. Obviously, version has also changed. Before I was using logstash-indexer.cfg but now I have noticed that there is by default another file called logstash.json. I did copy all the contents from old to new one and start the logstash service with logstash.json configuration file but it seems, it's not shipping logs to Elasticsearch.
Logstash sends its logs to where you tell it to with the -l/--log option. Check how you invoke Logstash. Without that option Logstash will log to stdout (or is it stderr?).
I have a this line in my code:
stdout { codec => rubydebug}
Where to check the logs in this case?
The answer is the same. Logstash's stdout output goes to the same location as its log.
Command line -l, --log FILE = Log to a given path. Default is to log to stdout
So, by default is there any location for stdout because it says by default it logs to stdout, what does it mean?
What "stdout" is and what it means is probably better explained elsewhere.
If a process's stdout stream isn't redirected anywhere it'll end up in the console/terminal where the process was started. If you're starting Logstash as a service on a Windows system you'll want to pass the --log option to have the logs written to a file.
Thanks Magnus. Now, I can see the logs and as per log, I guess, logs are being shipped to Elasticsearch from Logstash but I can't see them in Kibana. I can only see the logs that are coming via Winlogbeats but not Logstash.
Is there any way to check it out if Elasticsearch is receiving the logs or not?
Perhaps the logs are there, it's just that you're looking for them in the wrong time interval.
You could capture and analyze the network traffic, measure the number of documents in the ES indexes before and after Logstash runs, widen your search to search in all indexes, etc.
Thanks a lot... I did create a new index for Logstash-, now I can see. You are a star!!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.