
I'm trying to run the ELK for NGINX Plus (JSON) example on a Windows 10 machine, and am hung up on finding a Windows equivalent to the following unix command for ingesting the log data into Elasticsearch:

```
cat nginxplus_json_logs | <path_to_logstash_root_dir>/bin/logstash -f nginxplus_json_logstash.conf
```

From this question and this question I understand that type can perform some of the same actions as cat in unix. I tried the exact same command replacing cat with type, which unsurprisingly didn't work. Here is my command and response:

```
type nginxplus_json_logs.txt | ../logstash-2.1.1/bin/logstash -f nginxplus_json_logstash.conf

'..' is not recognized as an internal or external command,
operable program or batch file.
```

Is it possible to replicate that action using the type command? If so, how do I need to change the way I have my command formatted?

DanHam
  • If possible, install msys2, it has cat and other Linux utilities – Marware Feb 12 '16 at 19:20
  • I'm able to run the cat command from msys2, but now it looks like there's an issue with my configuration file. Here's the error message I'm getting: "Error: The setting `host` in plugin `elasticsearch` is obsolete and is no longer available. Please use the 'hosts' setting instead" – DanHam Feb 12 '16 at 19:48
  • Update: I changed `host` to `hosts` in nginxplus_json_logstash.conf and am now getting an error message about other settings: `{:timestamp=>"2016-02-12T11:40:56.719000-0800", :message=>"Unknown setting 'protocol' for elasticsearch", :level=>:error} {:timestamp=>"2016-02-12T11:40:56.722000-0800", :message=>"Unknown setting 'cluster' for elasticsearch", :level=>:error} Error: Something is wrong with your configuration.` – DanHam Feb 12 '16 at 19:53

1 Answer


On Windows your command should be using backslashes "\" instead of forward slashes "/" and you need to call the logstash.bat file instead of logstash.

So your command must look like this instead (make sure to cd into the right folder first):

```
type nginxplus_json_logs.txt | ..\logstash-2.1.1\bin\logstash.bat -f nginxplus_json_logstash.conf
```

Furthermore, the Logstash configuration file you have is for Logstash 1.5.4. Since you have 2.1.1, you can modify your elasticsearch output to look like this instead:

```
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "nginxplus_json_elk_example"
    document_type => "logs"
    template => "./nginxplus_json_template.json"
    template_name => "nginxplus_json_elk_example"
    template_overwrite => true
  }
```
Val
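
A pre-flight check for the config migration described in the answer above, as an added example that is not part of the original post or of Logstash: it scans a config for the elasticsearch settings that the error messages in this thread show Logstash 2.1.1 rejecting. The function names and both sample configs are constructed for illustration, and the brace matching is naive (it ignores braces inside quoted strings).

```python
import re

# Settings that this thread's error messages show Logstash 2.1.1 rejecting
# in an elasticsearch output written for Logstash 1.5.4.
REJECTED = {
    "host": "obsolete; use 'hosts', e.g. hosts => [\"localhost:9200\"]",
    "protocol": "unknown setting; remove it",
    "cluster": "unknown setting; remove it",
}

def elasticsearch_blocks(conf):
    """Yield (line number of the opening brace, body) per elasticsearch block."""
    for m in re.finditer(r"\belasticsearch\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        end = i - 1 if depth == 0 else i  # tolerate a missing closing brace
        yield conf.count("\n", 0, m.end()) + 1, conf[m.end():end]

def find_rejected(conf):
    """Return [(line, setting, advice)] for every rejected setting found."""
    findings = []
    for start, body in elasticsearch_blocks(conf):
        for offset, line in enumerate(body.split("\n")):
            code = line.split("#", 1)[0]  # ignore commented-out settings
            m = re.match(r"\s*(\w+)\s*=>", code)
            if m and m.group(1) in REJECTED:
                findings.append((start + offset, m.group(1), REJECTED[m.group(1)]))
    return findings

# Constructed samples: a 1.5-style output (illustrative values, not from the
# page) and a shortened form of the answer's 2.x block.
OLD_CONF = """output {
  elasticsearch {
    host => "localhost"
    protocol => "http"
    cluster => "elasticsearch"
  }
}
"""
NEW_CONF = """output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}
"""
if __name__ == "__main__":
    for line_no, setting, advice in find_rejected(OLD_CONF):
        print(f"line {line_no}: '{setting}' is {advice}")
```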