Logstash pipeline

My Logstash does not ship the data. Please help.

input {
  file {
    path => "C:/Users/kumar/Desktop/grok.csv"
    start_position => "beginning"
    sincedb_path => "NULL"
  }
}

filter {
  csv {
    separator => ","
    columns => ["Name","Age","System"]
  }
  translate {
    field => "System"
    destination => "realOS"
    fallback => "not_found"
    dictionary => ["Windows10","Kali","Ubuntu","CentOS"]
  }
}

output {
  elasticsearch {
    hosts => "http://localhost:9200/"
    index => "translate"
    user => "elastic"
    password => "******"
  }
  stdout {}
}

C:\Users\kumar\Desktop>logstash -f logstash.conf
"Using bundled JDK: ""
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to C:/elastic_stack/logstash-7.12.1-windows-x86_64/logstash-7.12.1/logs which is now configured via log4j2.properties
[2021-06-25T20:49:54,291][INFO ][logstash.runner ] Log4j configuration path used is: C:\elastic_stack\logstash-7.12.1-windows-x86_64\logstash-7.12.1\config\log4j2.properties
[2021-06-25T20:49:54,311][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.12.1", "jruby.version"=>"jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 11.0.10+9 on 11.0.10+9 +indy +jit [mswin32-x86_64]"}
[2021-06-25T20:49:54,460][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-06-25T20:49:56,066][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2021-06-25T20:49:57,784][INFO ][org.reflections.Reflections] Reflections took 70 ms to scan 1 urls, producing 23 keys and 47 values
[2021-06-25T20:50:00,699][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://elastic:xxxxxx@localhost:9200/]}}
[2021-06-25T20:50:01,067][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2021-06-25T20:50:01,139][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2021-06-25T20:50:01,139][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>7}
[2021-06-25T20:50:01,219][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200/"]}
[2021-06-25T20:50:01,307][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>7, :ecs_compatibility=>:disabled}
[2021-06-25T20:50:01,395][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["C:/Users/kumar/Desktop/logstash.conf"], :thread=>"#<Thread:0x38cc2442 run>"}
[2021-06-25T20:50:01,435][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2021-06-25T20:50:03,154][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>1.75}
[2021-06-25T20:50:03,938][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-06-25T20:50:04,023][INFO ][filewatch.observingtail ][main][700f2852d3c519facd58ec072345257771362e05598f0042db2daa89fd714a75] START, creating Discoverer, Watch with file and sincedb collections
[2021-06-25T20:50:04,031][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}

On Windows, this will persist the in-memory sincedb to a file called NULL in the directory that logstash is running in. If you do not want the in-memory sincedb persisted across restarts then set it to "NUL".
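
A small lint for the mistake described in the reply above, as an added example that is not part of the original thread or of Logstash itself: it scans a pipeline config for `sincedb_path` settings and reports whether each one is the platform's null device or an ordinary file name whose read offsets will persist. The sample config is the question's input block, and the function names are hypothetical.

```python
import re

# Constructed sample: the input block from the question above.
SAMPLE_CONF = """\
input {
  file {
    path => "C:/Users/kumar/Desktop/grok.csv"
    start_position => "beginning"
    sincedb_path => "NULL"
  }
}
"""

SINCEDB_RE = re.compile(r'sincedb_path\s*=>\s*"([^"]*)"')
# Strings people commonly type when they mean "the null device".
NULL_LOOKALIKES = {"NUL", "NULL", "/DEV/NULL"}

def is_null_device(value, platform):
    """True if value names the null device on the given platform."""
    if platform == "windows":
        return value.upper() == "NUL"   # Win32 device names ignore case
    return value == "/dev/null"

def lint_sincedb(conf_text, platform="windows"):
    """Report every sincedb_path setting in a pipeline config.

    'discarded': offsets go to the null device, nothing survives a restart.
    'persisted': offsets are kept in an ordinary file across restarts;
    'suspect' flags values that look like a mistyped null device.
    """
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                    # skip commented-out settings
        match = SINCEDB_RE.search(line)
        if not match:
            continue
        value = match.group(1)
        discarded = is_null_device(value, platform)
        findings.append({
            "line": lineno,
            "value": value,
            "verdict": "discarded" if discarded else "persisted",
            "suspect": not discarded and value.upper() in NULL_LOOKALIKES,
        })
    return findings
```

A `persisted` finding with `suspect` set is the case from this thread: the offsets land in a file named NULL in the directory Logstash was started from, so a file that was already read is not read again on the next run.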

Thank you
