Logstash pipeline is not executing changes when I run it for second time

Elastic Stack Logstash
1

Hi,
When I run logstash config file, I can see the index created in elastic search. But when I run it again with few changes( like changing index name) I can see logstash pipeline has started but the index is not created in elastic search.

I am checking the indexes by looking on ES indexes : http://localhost:9200/_cat/indices?v and through KIbana management too.

Can anybody help me on this.

This is my config file :

input 
{
  file 
  {
    path => "/home/seif/Documents/logstash/logs/A20171010.1500-1505-ACTIVITY-JOB_ESA.xml"
    start_position => "beginning"
  }
}
filter {
 
  xml 
  {
      source => "message"
      #target => "xmldata"
      store_xml => "false"
      xpath => ["/measCollecFile/fileHeader/measCollec/@beginTime/text()","beginTime"]
      xpath => ["/measCollecFile/measData/measInfo/measType/text()","measType"]
      xpath => ["/measCollecFile/measData/measInfo/measValue/r/text()","measValue"]
      xpath => ["/measCollecFile/fileFooter/measCollec/@endTime/text()","endTime"]
  }
  
   if "_grokparsefailure" in [tags]
    {
              drop { }
    } else 
    {
        mutate 
        { 
            remove_field => [ "message" ] 
        }

        mutate 
        {
        	replace => 
 			    {
    			 "measType" => "%{[measType][0]}"
    			 "measValue" => "%{[measValue][0]}"
  			   }
      	}  
  	}
}
output
{
	elasticsearch
	{
		hosts => ["localhost:9200"]
		user => elastic
		password => changeme
		index => ["testxml"]
	}
	stdout { codec => rubydebug }
}
2

This is expected since Logstash has already processed the input file. If you want to process it again you need to reset the sincedb file or disable it. See the file input documentation for details.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.