New Log file not pull up on kibana

Saplog · May 10, 2017, 10:01am

Hello dears,
I have 2 types of logs, pfSense which works perfectly , and I want to add other logs (saplog) in a file.
I already create a filter (sapfilter) for these new logs, I try it with logstash-f and that's work. When I refresh my index, 22 new fields of my sapfilter has been added.
The problem is that the log file don't pull up on kibana. My input ran with logstash-f ... There is my input

#saprouter log files
input {
file {
path => "/var/log/saprouterlog/saprouterlog.txt_a_20170509_090647-20170509_130347"
start_position => "beginning"
sincedb_path => "/dev/null"
type => "saplog"
}
}

Saplog · May 10, 2017, 11:12am

Help my friends

magnusbaeck · May 11, 2017, 5:22am

Does the logstash user have permission to read those log files? The file itself needs to be readable and all directories leading up to the directory containing the file must be executable.

Saplog · May 11, 2017, 7:43am

Actually, it works but it so long (1-2hour for one file)
Can we do this more quickly ?

Saplog · May 11, 2017, 8:35am

up up

Saplog · May 11, 2017, 8:55am

up uuuuuuuuuuuuuuuuuuuuup

magnusbaeck · May 11, 2017, 9:10am

up uuuuuuuuuuuuuuuuuuuuup

If you're trying to annoy the people that can help you you're certainly on the right track.

Actually, it works but it so long (1-2hour for one file)
Can we do this more quickly ?

Perhaps. How big are the files? What does the Logstash configuration look like? What possible bottlenecks are there?

Saplog · May 11, 2017, 9:19am

Oups sorry for annoying
One file is 490Ko
Logstash configuration is fat (3pages).

magnusbaeck · May 11, 2017, 9:57am

490Ko

490 kilobytes?

Saplog · May 11, 2017, 10:01am

yes

magnusbaeck · May 11, 2017, 11:04am

Such a small file should be processed within seconds. The Logstash logs might contain clues about what's taking so long.

system · June 8, 2017, 11:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.