Logstash tutorial: index_not_found_exception [SOLVED]

dr01 · March 15, 2016, 10:15am

Thanks. In fact there were a few things to fix:

In the input section of the pipeline, we must add sincedb_path => "/dev/null" to tell Logstash to re-process the data, as you said.
The source data file must not be older than 24h, as you said, so (on Linux) a touch logstash-tutorial.log will fix the problem.

The filter section should include a filter to match the timestamp as extracted from the log, or otherwise Logstash will consider ~~the timestamp of the file~~ the current timestamp when it reads the file (quite useless):

  filter {
     grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
     }
     date {
        match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
     }
     geoip {
        source => "clientip"
     }
  }

Another useful edit on the output section is to define the index name to something more meaningful:

  output {
     elasticsearch {
        hosts => ["192.168.77.200:9200"]
        index => "apachelogs-%{+YYYY.MM.dd}"     
     } stdout {}
  }

Topic		Replies	Views
Logstash & Beat :index_not_found_exception Logstash	8	2122	July 22, 2018
Advanced-Pipeline: Logstash->Elasticsearch Logstash	13	2776	July 6, 2017
Logstash Index error : [logstash-*] IndexNotFoundException[no such index] Logstash	28	13391	July 6, 2017
Suddenly index_not_found_exception in logstash Logstash	1	349	January 6, 2019
Logstash stucks if Index is not available Logstash	2	488	July 27, 2021

Logstash tutorial: index_not_found_exception [SOLVED]

Related topics