Reading a file with file input

Lavinia_Maties · August 17, 2019, 3:54pm

Hi everyone, I have a problem parsing my file using Logstash on windows 10.
this is my .conf file :
input {
file {
path => "C:\ProgramData\ELK\Logs\CBS\CBS.log"
}
}

filter {
grok {
match => { "message" => "%{DATESTAMP:time}, %{WORD:inform} %{SPACE} %{GREEDYDATA:rest}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
I'am using Logstash 7.0.0. I try to change to 6.2.4 version but I can't apparently is seems to not recognize java VM .. so any help is good. Thank you

Badger · August 17, 2019, 4:25pm

Use forward slash in the path option for the file input.

What problem are you having?

Lavinia_Maties · August 17, 2019, 4:29pm

Hi,
The problem is that I can see any index in Elasticsearch.. it seems that my file is not read at all. I tried with forward slash but is steel not working
Logstash is Successfully started but then nothing happens

Badger · August 17, 2019, 4:40pm

Try

file {
    path => "C:/ProgramData/ELK/Logs/CBS/CBS.log"
    start_position => "beginning"
    sincedb_path => "NUL"
}

Lavinia_Maties · August 17, 2019, 4:53pm

I tried, but is not working.
Thanks anyway

Badger · August 17, 2019, 5:48pm

Set the log.level to trace and see what filewatch says.

Lavinia_Maties · August 17, 2019, 7:50pm

Yea, actually that was a problem with log path, I didn't define the log extension correctly. But it's ok now.
Thank you for your support

system · September 14, 2019, 7:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.