Using logstash to import csv files into elasticsearch

alexus · October 16, 2017, 3:57pm

I'm using Running Logstash on Docker | Logstash Reference [5.6] | Elastic to import csv file into elasticsearch.

following is content from my ./pipeline directory:

input {
    file {
        path => "/csv/in/*.csv"
        start_position => "beginning"
        sincedb_path => "/dev/null"
    }
}

filter {
  csv {
    separator => ";"
    columns => ["bin", "cardNetwork", "bank", "cardType", "cardCategory", "country"]
  }
}

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
    user => "USER"
    password => "PASSWORD"
    index => "INDEX"
    document_type => "csv"
  }
  stdout { codec => rubydebug }
}

I'm not seeing any "ERROR" even with 'log.level' set to 'debug', thanks to stdout part I'm able to see that csv parse correctly, yet I'm not seeing anything written to elasticsearch.

Please advise.

magnusbaeck · October 16, 2017, 7:50pm

I'm not seeing anything written to elasticsearch.

What made you reach that conclusion? How are you checking what's in ES?

alexus · October 16, 2017, 9:00pm

I checked using Kibana and/or curl for newly created _index: INDEX, yet no records in there...

magnusbaeck · October 17, 2017, 5:20am

I assume the index isn't really named INDEX? Because that would be an illegal name.

If the index exists then Logstash is at least able to talk to ES (unless you created the index yourself). If there really isn't anything in the log I'd trace the network traffic.

alexus · October 24, 2017, 4:42pm

@magnusbaeck, you're correct INDEX isn't real...

... to test your theory, I adjusted output to write to index that doesn't exists followed by restart of container, and as last time I see stdout (rubydebug), however new index was not created nor my data would appear inside of it... I look in logs and there is no errors (or any issues) with connecting to elasticsearch, it appears to be connected just fine.

I'm also using X-Pack, and I see other connection to elasticsearch (for monitoring) are made without any issues...

Please advise.

magnusbaeck · October 24, 2017, 6:21pm

As I said, I'd trace the network traffic so see exactly what's going on.

alexus · October 25, 2017, 1:29am

@magnusbaeck, I'm on same network as elasticsearch, network isn't preventing any communications as I mention X-Pack's monitoring part is working without any issues and it's using same elasticsearch as I specified in my output plugin.

magnusbaeck · October 25, 2017, 5:18am

The point of inspecting the network traffic is to see whether Logstash is attempting to send anything to ES, and if so what and what ES responds. Any errors response should show up in the Logstash log but other breakage could prevent that from happening.

system · November 22, 2017, 5:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.