Hi,
In continuation of the following topic which is now closed:
We found no solution for that. moreover - we just tried installing Logstash 6.5 on a new machine and we get the same results - the logstash runs, but sincedb is never updated. it is being created and "touched" when logstash starts running, but then nothing happens, no new file is added, no existing file is being updated.
The same configuration worked on all previous version (starting from 2.x, 4.x, 5.x, 6.2.4....)
Any way I can debug it and understand?
Really need some help here,
Thanks!
I'm encountering a similar issue.
A couple of days ago, I installed the latest elasticsearch-6.5.3 with kibana-6.5.3-windows-x86_64 and logstash-6.5.3 on a fresh Windows server 2012r2. couldn't make this setup to work.
It seems all components are running with no errors, but no indexing occurs (nothing is written to sincedb file).
Following the advise above, I installed logstash-6.2.4 (instead of logstash-6.5.3 and without any other change) and now the setup is running with no issues.
What can be done to debug this issue further?
@guyboertje, I understand that you did the pull request that changed the file input. it's been months now that we cannot work with the new versions as they just ignore our file inputs. please let me know what we can do to debug this and make this work again... I am stuck with 6.2.4.
If so, yes, I did refactor the way the stat call is done on windows - to use a different Kernel32 dll call. I looks like this fails silently in some circumstances. I did and have done some tests in Google Compute Cloud on windows servers but I did not create a realistic "prod" environment.
I have been meaning to make some time to fix this but we are a small team with too much to do.
@guybowden so it seems that windows is completely broken. I tried moving the files from the network to a local file, it still doesn't work.
Regarding filebeat, I can try, it will probably take me a couple of weeks to set it up as we are under a lot of stress here, but in general i would wish logstash to work again...
currently it is holding me from upgrading all the other versions as well, and it prevents me from having the "Read" mode which I really need
@guyboertje an update - I installed filebeat and configured everything. it has the same problem - it doesn't deal well with windows network paths, so it does not help us, it also makes the architecture much more complex and requires multiple filebeat instances which I don't really like anyhow, as someone said in one of the forums - if you are going to use logstash anyway (and I do because I need to make some adjustments on the files), there is no sense in using filebeat....
so bottom line - it doesn't work, and it seems that the changes made in the file input broke logstash for network files. can you please try to see if you can get it working again?
Yes, that's what I thought. I actually got the logstash configuration as inheritance from someone and he used the forward slashes which is very uncommon in windows so I figured he had issues with backslashes.....
I am actually trying to run it on a local directory right now (which works with filebeat, but I wanted to check logstash again) and it looks like even that isn't working. I am still doing some experiments.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.