Upload log file in elasticsearch using logstash

Bhavesh_Padharia · January 10, 2019, 12:48pm

Hello Everyone ,
i am new in elasticsearch

I try to upload log file in elasticsearch using logstash
i use this curl command

system@system-VirtualBox:~/Downloads/logstash-6.5.4$  curl -s -XPOST localhost:9200/_bulk --data @/home/system/Documents/LOG Data File/app2.log

But it seen this error

{"error":{"root_cause":[{"type":"parse_exception","reason":"request body is required"}],"type":"parse_exception","reason":"request body is required"},"status":400}

what i do to solve this error? Anyone suggest me.

A_B · January 10, 2019, 1:01pm

Well, you are not really using Logstash. You are in a Logstash folder using curl trying to post a log file directly to Elasticsearch.

I suggest you actually run Logstash

There are plenty of examples of simple Logstash configs to accomplish this.

A_B · January 10, 2019, 1:08pm

Thah was not necessarily very helpful, sorry... Try this (I don't really use file inputs so it might not be 100% correct). Put the below in a file e.g. logstash.conf

input {
  file {
    path => "/home/system/Documents/LOG Data File/app2.log"
    start_position => "beginning"
  }

}

filter {}

output {
  elasticsearch {
    hosts => "["127.0.0.1:9200"]"
  }
}

Start Logstash with

logstash-6.5.4/bin/logstash -f logstash.conf

Bhavesh_Padharia · January 11, 2019, 8:42am

{"error":{"root_cause":[{"type":"parse_exception","reason":"request body is required"}],"type":"parse_exception","reason":"request body is required"},"status":400}

it again seen this error.

A_B · January 11, 2019, 9:16am

That still looks like a curl error message to me... What command did you run?

Bhavesh_Padharia · January 11, 2019, 9:17am

curl -s -XPOST localhost:9200/_bulk --data @/home/system/Documents/LOG Data File/app2.log

A_B · January 11, 2019, 9:47am

You are still not using Logstash.

At least in the subject you say you want to use Logstash.

If you take my suggested Logstash configuration from above and start Logstash with

logstash-6.5.4/bin/logstash -f logstash.conf

That is all that is needed. You do not need to manually run curl commands after that. Logstash will read the log file and send the data to Elasticsearch.

Bhavesh_Padharia · January 11, 2019, 10:04am

My logstash successfully started but i can't upload log file using curl command.

Bhavesh_Padharia · January 11, 2019, 10:06am

please help how to upload log file in elasticsearch using logstash or any other source to upload log file.

A_B · January 11, 2019, 10:13am

You have to set the path to the Logstash config file correctly.

Put this in a file e.g. /path/to/config/logstash.conf

input {
  file {
    path => "/home/system/Documents/LOG Data File/app2.log"
    start_position => "beginning"
  }

}

filter {}

output {
  elasticsearch {
    hosts => "["127.0.0.1:9200"]"
  }
}

Start Logstash with

logstash-6.5.4/bin/logstash -f /path/to/config/logstash.conf

Bhavesh_Padharia · January 11, 2019, 10:54am

Thank you. it's work now,

system · February 8, 2019, 10:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.