Logstash pipeline is not executing changes when I run it for second time

Seyf_Souissi · November 16, 2017, 1:16am

Hi,
When I run logstash config file, I can see the index created in elastic search. But when I run it again with few changes( like changing index name) I can see logstash pipeline has started but the index is not created in elastic search.

I am checking the indexes by looking on ES indexes : http://localhost:9200/_cat/indices?v and through KIbana management too.

Can anybody help me on this.

This is my config file :

input 
{
  file 
  {
    path => "/home/seif/Documents/logstash/logs/A20171010.1500-1505-ACTIVITY-JOB_ESA.xml"
    start_position => "beginning"
  }
}
filter {
 
  xml 
  {
      source => "message"
      #target => "xmldata"
      store_xml => "false"
      xpath => ["/measCollecFile/fileHeader/measCollec/@beginTime/text()","beginTime"]
      xpath => ["/measCollecFile/measData/measInfo/measType/text()","measType"]
      xpath => ["/measCollecFile/measData/measInfo/measValue/r/text()","measValue"]
      xpath => ["/measCollecFile/fileFooter/measCollec/@endTime/text()","endTime"]
  }
  
   if "_grokparsefailure" in [tags]
    {
              drop { }
    } else 
    {
        mutate 
        { 
            remove_field => [ "message" ] 
        }

        mutate 
        {
        	replace => 
 			    {
    			 "measType" => "%{[measType][0]}"
    			 "measValue" => "%{[measValue][0]}"
  			   }
      	}  
  	}
}
output
{
	elasticsearch
	{
		hosts => ["localhost:9200"]
		user => elastic
		password => changeme
		index => ["testxml"]
	}
	stdout { codec => rubydebug }
}

magnusbaeck · November 16, 2017, 6:37am

This is expected since Logstash has already processed the input file. If you want to process it again you need to reset the sincedb file or disable it. See the file input documentation for details.

system · December 14, 2017, 6:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.