Read multiple log

mohammed_cherif · June 20, 2017, 4:09pm

i want index multiple log with one input but logstash not read files

my config :

  input {
        file {
    		path => "C:/data1/log/*.log"
    		start_position => "beginning"
            sincedb_path => "/dev/null"
    		 type => "bctLog"
            }
    }


filter {

grok {
   match => { "message" => "%{MONTH:month} %{NUMBER:day}, %{YEAR:year} %{HOUR:hour}:%{MINUTE:minute}:%{SECOND:second}:%{NUMBER:milli}: %{LOGLEVEL:log-level} [%{DATA:threadName}\] took %{NUMBER:duration} ms." }
}
mutate {
    add_field => { 
        "eventTime" => "%{hour}:%{minute}:%{second} %{month} %{day} %{year}"
    }
}
mutate {
   convert => { "duration" => "integer" }
}
date {
    match => [ "eventTime" , "HH:mm:ss MMM d yyyy" , "HH:mm:ss MMM dd yyyy" ]
    locale => "en"
}
            
mutate {
  remove_field => [ "year", "month", "day", "time","message","frmwk","host","path","hour","minute","second","milli"]
}
            
}
output {
    elasticsearch {
        index => "cfrbif-multiple"
        hosts => "localhost:9200"
    }
  stdout { codec => json }
}

Please help.
Thanks

magnusbaeck · June 21, 2017, 9:44am

On Windows use sincedb_path => "nul" instead of sincedb_path => "/dev/null".

mohammed_cherif · June 29, 2017, 1:31pm

Thank's

system · July 27, 2017, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.