Why is there no output in terminal?

Elastic Stack Logstash
1

version: logstash-2.3.4
nginx-1.8.1

here is my logstash.conf :slight_smile: :

input {
** file{**
** path => ["/home/houfan/nginx/errorlog/ac_api_error.log"]**
** start_position => "beginning"**
** }**
}
filter {
** grok {**
** match => { "message" => ["(?\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) [%{DATA:nginx_severity}] %{NOTSPACE} %{NOTSPACE} (?<nginx_message>(.|\r|\n)*)(?:, client: (?<nginx_client_ip>%{IP}|%{HOSTNAME}))(?:, server: %{IPORHOST:nginx_server})(?:, request: %{QS:nginx_request})?(?:, upstream: %{QS:upstream})?(?:, host: %{QS:nginx_host})?(?:, referrer: "%{URI:nginx_referrer})?"]}**
** }**
}

output {
** stdout {**
** codec => rubydebug**
** }**
}

and after I ran the command ./bin/logstash -f logstash.conf ,I only got this:

root@logstashServer:/elk/logstash# ./bin/logstash -f logstash.conf
Settings: Default pipeline workers: 4
Pipeline main started

no error , no red light .........where am I go wrong ?
really appreciate your help .:sob:

2

the path in the input section is absolutely right. I can sure.

3

Hi,

You can use the parameter "ignore_older" in the input section (maybe it solves the problem):

input {
file {
     path => "/home/houfan/nginx/errorlog/ac_api_error.log"
     start_position => "beginning"
     ignore_older => 0
     }
}

Regards

4

It's waiting for new data to be added to the file.

5

:heart_eyes: really really thanks !!!

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.