"type" : "index_not_found_exception"

Elastic Stack Logstash
1

Hi,
In this I'm trying to test ELK using a jboss log file placed in a folder I'm done with both ES and kibana. the logstash part I'm not able to configer i have placed the below routine inside a .conf file of config folder.

i get "type" : "index_not_found_exception" exception.

can you please guide me about the .conf file pipeline settings and how to start logstash (I tried starting the logstash by running the bat file inside the bin dir )

1.downloaded logstash
2.unziped
3.created the below conf file inside the config folder

Please let me know is there any more changes i have to go through

Note : Windows machine ES 6.1

input {
file {
path => "D:/Personal/Test_log_files"
type => "file"
}

filter {
grok {
match => [
"message",
"%{TIME:time} %{LOGLEVEL:level} [(?[^]]+)] ((?[^)]+)) %{GREEDYDATA:message}"
]
overwrite => ["message"]
}
date {
match => ["time", "MMM dd YYYY HH:mm:ss,SSS"]
remove_field => ["time"]
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }

stdout { codec => json }

}
}

2

Please show the full error message.

3

{
"error" : {
"root_cause" : [
{
"type" : "index_not_found_exception",
"reason" : "no such index",
"resource.type" : "index_or_alias",
"resource.id" : "logstash-$DATE",
"index_uuid" : "na",
"index" : "logstash-$DATE"
}
],
"type" : "index_not_found_exception",
"reason" : "no such index",
"resource.type" : "index_or_alias",
"resource.id" : "logstash-$DATE",
"index_uuid" : "na",
"index" : "logstash-$DATE"
},
"status" : 404
}

This is the error when i try to access "http://localhost:9200/logstash-$DATE/_search?pretty&q=geoip.city_name=Buffalo"

5

Oh, you're getting that from a curl request. That was impossible to tell from your question. As configured your file input tails the input file. Look into the start_position option to get it to start from the top and learn about sincedb. See the file input documentation.

6

Can you please guide me is this the correct format of .conf file and correct groke pattems for the following log

Check out the grok constructor web site.

7

Logstash started how do i know its pushing the data to elastic search ?? still im not able to c the data in kibana .. :frowning: please guide me

8

Now i get an Error saying "Failed to open process token Access is Denied <5>"

9

Logstash started how do i know its pushing the data to Elasticsearch ??

Temporarily replace your elasticsearch output with a stdout { codec => rubydebug } output and use it to verify that Logstash is reading and processing any events at all.

10

Can you please give me a example so i can understand more clearly

Thanks for you great support Magnusbaeck :slight_smile:

11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.