No raw logs from logstash

I'm trying to import IIS logs. Here's my config below.

input {
  file {
    path => "C:/Users/Administrator/Documents/New folder/u_ex200419.log"
    type => "iis"
    start_position => "beginning"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.2.70:9200"]
    index => "iislog"
  }
  stdout {}
}

I have no errors in Logstash, please see below.

[2020-08-28T21:04:55,785][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.8.1", "jruby.version"=>"jruby 9.2.11.1 (2.5.7) 2020-03-25 b1f55b1a40 Java HotSpot(TM) 64-Bit Server VM 14.0.2+12-46 on 14.0.2+12-46 +indy +jit [mswin32-x86_64]"}
[2020-08-28T21:04:57,254][INFO ][org.reflections.Reflections] Reflections took 62 ms to scan 1 urls, producing 21 keys and 41 values
[2020-08-28T21:04:58,834][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://192.168.2.70:9200/]}}
[2020-08-28T21:04:59,065][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://192.168.2.70:9200/"}
[2020-08-28T21:04:59,120][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2020-08-28T21:04:59,127][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>7}
[2020-08-28T21:04:59,236][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.2.70:9200"]}
[2020-08-28T21:04:59,332][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["C:/logstash-7.8.1/logstash-7.8.1/bin/iislog.conf"], :thread=>"#<Thread:0x33bcc6dd run>"}
[2020-08-28T21:04:59,334][INFO ][logstash.outputs.elasticsearch][main] Using default mapping template
[2020-08-28T21:04:59,490][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2020-08-28T21:05:00,980][INFO ][logstash.inputs.file ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"C:/logstash-7.8.1/logstash-7.8.1/data/plugins/inputs/file/.sincedb_d657e67e84771d791eb7c63834894e9a", :path=>["C:/Users/Administrator/Documents/New folder/u_ex200419.log"]}
[2020-08-28T21:05:01,008][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2020-08-28T21:05:01,057][INFO ][filewatch.observingtail ][main][ee2da0d8570ecf88049a1c4757f8db2e41049921f1a7204d465574228623d142] START, creating Discoverer, Watch with file and sincedb collections
[2020-08-28T21:05:01,084][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2020-08-28T21:05:01,486][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

I already created an index pattern and I chose iislog.

But there are no raw logs for IISlog.

Please help me with this.

Try adding

sincedb_path => "NUL"

to the file input.
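The pipeline from the question with the suggested setting applied, as an added example that is not part of the original reply. The comments on why the setting matters are added explanation; paths, host and index are the ones from the question.

```logstash
input {
  file {
    path => "C:/Users/Administrator/Documents/New folder/u_ex200419.log"
    type => "iis"
    # start_position only applies to files the input has not seen before.
    # Once a read offset for this file is stored in the sincedb file
    # (the log above shows one being generated under data/plugins/inputs/file/),
    # a restart resumes from that offset and emits nothing for an unchanged file.
    start_position => "beginning"
    # "NUL" is the Windows null device: the offset is never persisted,
    # so the file is read from the beginning on every start.
    # On Linux the equivalent value is "/dev/null".
    sincedb_path => "NUL"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.2.70:9200"]
    index => "iislog"
  }
  # Events printed here confirm the input is reading lines,
  # independently of what reaches Elasticsearch.
  stdout {}
}
```

Because no offset is kept, each restart re-sends the whole file, so the index will accumulate duplicate documents unless it is cleared between test runs.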
