Using mapping template from {:path=>nil}

Hi,
I am facing some issue in importing a data through Logstash

input
{
file
{
path =>"C:\Users\328347935\Downloads\EKL\logstash-6.2.2\mocklog.log"
start_position => "beginning"
codec => "plain"
}
}

filter
{
grok
{
match =>{"message" => "%{NUMBER:field_number:int}\s+(?<first_name>\S+)\s+(?<last_name>\S+)\s(?<email_address>\S+)\s(?\S+)\s(?\S+)"}
}
}

output
{
elasticsearch
{
hosts => "http://localhost:9200"
index =>"test"
}
stdout{}
}

And I am getting an error like:

[2018-02-27T11:14:33,253][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[
], :added=>[http://localhost:9200/]}}
[2018-02-27T11:14:33,263][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connect
ion is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2018-02-27T11:14:33,439][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://local
host:9200/"}
[2018-02-27T11:14:33,487][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>nil}
[2018-02-27T11:14:33,494][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event fiel
d won't be used to determine the document _type {:es_version=>6}
[2018-02-27T11:14:33,513][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-02-27T11:14:33,538][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"tem
plate"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynami
c_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "
norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>
false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"
}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=

"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2018-02-27T11:14:33,587][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::E
lasticSearch", :hosts=>["http://localhost:9200"]}
[2018-02-27T11:14:34,475][INFO ][logstash.pipeline ] Pipeline started succesfully {:pipeline_id=>"main", :thread=
"#<Thread:0x573dfd46 run>"}
[2018-02-27T11:14:34,637][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}

There is no error there. There is a WARN that can be ignored, but no error. What is the problem?

Path is said to be nill
but i set the file path where the text data is

[2018-02-27T11:14:33,253][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[
], :added=>[http://localhost:9200/]}}
[2018-02-27T11:14:33,263][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connect
ion is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2018-02-27T11:14:33,439][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://local
host:9200/"}
[2018-02-27T11:14:33,487][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>nil}
[2018-02-27T11:14:33,494][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event fiel
d won't be used to determine the document _type {:es_version=>6}
[2018-02-27T11:14:33,513][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2018-02-27T11:14:33,538][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"tem
plate"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynami
c_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "
norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>
false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"
}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=

That is telling you that you did not provide the template configuration option on your elasticsearch output, so it is using the compiled-in default. It is a non-issue.

Thank you,
Can you please help me out?

If you can explain what problem or issue you are facing then someone may be able to help. The log you showed looks normal. You said you are "facing some issue" but have not explained what the issue is.

I am so sorry.
The issue is I can't see the data in Kibana. I am very sure the problem is in output

I suggest you adjust the stdout output to be "stdout { codec => rubydebug }" and then post what you get on stdout when it reads a line from the file.

Alternatively, have you defined an index pattern that matches "test" (the index you are writing to)? If so, what do you see in the Discover panel in Kibana when viewing data in that index pattern?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.