Please help Importing csv with logstash and create an index in elasticsearch

Alvaro_Sanz_Garrigue · April 26, 2017, 11:46am

Hello,
I'm new with elasticsearch and I'm trying to import csv data with logstash in Windows 10.

The configuration file i'm using for logstash is "csv-config.conf":

input {
file {
path => "/Users/asanzgarrigues/Desktop/test2.csv"
start_position => "beginning"
}
}
filter {
csv {
separator => ","
columns => ["PacketId","MACAddress","Date","PacketLength","SourceIP","SourcePort","DestIP","DestPort"]
}
}
output {
elasticsearch {
hosts => ["localhost:9203"]
action => "index"
index => "test"
}
stdout {codec => rubydebug}
}

When I execute the command:
logstash -f csv-config.conf

the response is the following:

It looks like the index have been created(or at least I think so) but when I search for my index with kibana or elasticsearch nothing appears.

I changed the elasticsearch port to 9203 because 9200 was not working.
Additonaly, the file log4j2 is located in the correct path but logstash doesn't recognize it.
Edit: I solved the problem of log4j2, the problem was in the file runner.rb (logstash-5.3.0\logstash-core\lib\logstash\runner.rb) at the line:
LogStash::Logging::Logger::initialize("file://" + log4j_config_location)
that line should be replaced by:
LogStash::Logging::Logger::initialize("file:///" + log4j_config_location)

I also try to use the debug mode to get more information about the problem but I don't get nothing clear.

Thnak you for help!

Alvaro_Sanz_Garrigue · April 27, 2017, 7:04am

Researching I think that the problem is the connection between ES and logstash. Because I have the following WARN in the console response.

[2017-04-26T18:37:13,307][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#URI::HTTP:0x4ec28691 URL:http://localhost:9203/>}

Any ideas of how to solve it? I used the port 9203 for ES because the 92000 was unavailable .
Thank you

warkolm · April 28, 2017, 8:15am

Please don't post pictures of text, they are difficult to read and some people may not be even able to see them

Alvaro_Sanz_Garrigue · April 28, 2017, 8:19am

OK I will not do it again.

I solve this problem you can close the topic.
Thank you

warkolm · April 28, 2017, 8:25am

How did you solve it? Sharing may help others in future.

Alvaro_Sanz_Garrigue · April 28, 2017, 8:49am

I finally make it works. I was doing it in the enterprise laptop which is restricted. I create a Ubuntu VM where I have the whole control, and there with the same configuration it finally works.
So I guess that in my enterprise computer there were permissions issues or something like that which denies logstash to work as expected.

Thank you

system · May 26, 2017, 8:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Importing CSV to elasticsearch using Logstash Logstash	2	1757	February 14, 2018
Indexing CSV data into elasticsearch Logstash	8	4910	July 6, 2017
Import CSV File as input in logstash and the output data to elasticsearch Logstash	10	37969	May 19, 2017
Is this conf file working for csv import? Logstash	10	3403	July 6, 2017
Logstash won't parse CSV to elasticsearch Logstash	3	637	May 14, 2019

Please help Importing csv with logstash and create an index in elasticsearch

Related topics