0

When I run a command like this(on a Windows System): 

logstash -f logstash-apache.conf

there's no output and it didn't store any log to the elasticsearch. so I think it didn't work. btw I refered to the website:https://www.elastic.co/guide/en/logstash/current/config-examples.html#config-examples

this is my conf file(logstash-apache.conf):

input {
  file {
    path => ["C:/Users/User/Downloads/logstash-5.5.1/bin/access_log.txt"]
    start_position => "beginning"
  }
}

filter {
  if [path] =~ "access" {
   mutate { replace => { "type" => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
  stdout { codec => rubydebug }
}

this is the output: C:\Users\User\Downloads\logstash-5.5.1\bin>logstash -f logstash-apache.conf ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console. Sending Logstash's logs to C:/Users/User/Downloads/logstash-5.5.1/logs which is now configured via log4j2.properties [2017-08-18T08:35:20,504][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[localhost:9200/]}} [2017-08-18T08:35:20,509][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>localhost:9200/, :path=>"/"} [2017-08-18T08:35:20,668][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>#} [2017-08-18T08:35:20,670][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil} [2017-08-18T08:35:20,725][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}} [2017-08-18T08:35:20,734][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#]} [2017-08-18T08:35:21,010][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500} [2017-08-18T08:35:21,896][INFO ][logstash.pipeline ] Pipeline main started [2017-08-18T08:35:22,036][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

thank you in advance :)

張皓翔
  • 341
  • 1
  • 4
  • 16
  • From the output, logstash seems to have started correctly. I think the problem is coming from the fact that the file input plugin remembers where it has stopped and won't process the same lines of a file twice. See https://stackoverflow.com/questions/19546900/how-to-force-logstash-to-reparse-a-file – baudsp Aug 18 '17 at 11:55
  • Thank you : ) that's right. I just got the point haha. – 張皓翔 Aug 19 '17 at 06:48

0 Answers0