Reading a file with file input

Elastic Stack Logstash
1

Hi everyone, I have a problem parsing my file using Logstash on windows 10.
this is my .conf file :
input {
file {
path => "C:\ProgramData\ELK\Logs\CBS\CBS.log"
}
}

filter {
grok {
match => { "message" => "%{DATESTAMP:time}, %{WORD:inform} %{SPACE} %{GREEDYDATA:rest}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
I'am using Logstash 7.0.0. I try to change to 6.2.4 version but I can't apparently is seems to not recognize java VM .. so any help is good. Thank you :slight_smile:

2

Use forward slash in the path option for the file input.

What problem are you having?

3

Hi,
The problem is that I can see any index in Elasticsearch.. it seems that my file is not read at all. I tried with forward slash but is steel not working
Logstash is Successfully started but then nothing happens

4

Try

file {
    path => "C:/ProgramData/ELK/Logs/CBS/CBS.log"
    start_position => "beginning"
    sincedb_path => "NUL"
}
5

I tried, but is not working.
Thanks anyway

6

Set the log.level to trace and see what filewatch says.

7

Yea, actually that was a problem with log path, I didn't define the log extension correctly. But it's ok now.
Thank you for your support :slight_smile:

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.