Hello, I'm using Logstash on a docker container (see [https://hub.docker.com/_/logstash/]) which I'm starting with the detach (-d) option.
The thing is working fine, however now that I'm parsing a lot of logs I would like to check:
- If everything is going fine, I mean if Logstash is correctly filtering all lines, successfully sending them to Elasticsearch, etc.
- When Logstash has finished parsing one file
- Generally speaking, how Logstash is working
I see that in the Logstash container (which is running properly) inside /var/log/logstash I can't find any file. So where should I look for logs? Are there some commands to check the status?
If everything is going fine, I mean if Logstash is correctly filtering all lines, successfully sending them to Elasticsearch, etc.
Two things spring to mind:
- Is Logstash logging anything (errors or warnings, in particular) at any significant rate?
- Are messages flowing through Logstash? You can use Lovebeat to receive pings from Logstash and sound an alarm if they stop coming.
When Logstash has finished parsing one file
You'll have to monitor your sincedb file(s) for that. I'm not sure if Logstash 5.0 adds any interesting metrics to the file input.
I see that in the Logstash container (which is running properly) inside /var/log/logstash I can't find any file. So where should I look for logs?
docker logs, perhaps?
Thanks for the very complete answer! 