Logstash unable to create new index

(Tahir) #1

Following is my configuration file for Logstash. I am trying to create a new index by specifying a non-standard index name in the output section of this Logstash file. I am unable to get the data parsed if I give this to my ES.

input {
  file {
    path => "Path" # hiding it for confidentiality
    type => "csv"
    start_position => "beginning"
  }
}

filter {
  csv {
    # Column names assigned to the parsed CSV fields, in order
    columns => ["Title","Impact","Test Outcome","Recommendation","References","Affected asset","Risk Rating","Attack vector","Attack complexity","Privileges required","User interaction","Scope","Confidentiality","Integrity","Availability","Exploit code maturity","Remediation level","Report confidence","Confidentiality requirement","Integrity requirement","Availability requirement","Modified attack vector","Modified attack complexity","Modified privileges required","Modified user interaction","Modified scope","Modified confidentiality","Modified integrity","Modified availability","Design Issue","Configuration issue","Coding Issue"]
    separator => ","
    # Drop the raw line once it has been split into fields
    remove_field => ["message"]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "xx"
    document_type => "Assessment"
  }
  # Also print each event to the console
  stdout { codec => rubydebug }
}

(Magnus Bäck) #2

How do you know Logstash is even reading the data? If you comment out your elasticsearch output, is your stdout output producing anything?

(Tahir) #3

Yes, it is. If I remove the index parameter it works like a charm, but it indexes my data in the Logstash default index.

(Magnus Bäck) #4

So what's in the Logstash logs? You may need to increase logging verbosity to get anything useful.

(Tahir) #5

I just want to use a different index for clarity. My use case requires me to create an index for reading a csv document (not logs) and index the data into a different index.

(Magnus Bäck) #6

I did not ask for a justification. I asked you to look into Logstash's own logs for clues.
