elasticsearchlogstashkibana
logstash does not load data to elasticsearch index
I have created an index in elasticsearch to store some test logs, but I can't get the data to load from logstash. I create the index in ES:
put sonicwall
{
"mappings":{
"properties":{
"Time": { "type":"text"},
"Category": { "type":"text"},
"Group": { "type":"text"},
"Event":{ "type":"text"},
"Priority":{ "type":"text"}
}
}
}
The index is created
Now, my logstash config file:
input{
file{
path => "C:/Elastic/logsPrueba/log3.csv"
start_position => beginning
}
}
filter{
csv{
separator => ","
columns => ["Time","Category","Group","Event","Priority"]
}
}
output{
elasticsearch{
hosts => ["localhost:9200"]
index => "sonicwall"
}
stdout {}
}
This is the CSV
when I run logstash, the data is never loaded
Can someone help me?
Solution
I think I have discovered the problem. When the csv file is read for the first time, some kind of record is saved at the end of the file and then logstash is not able to start from the beginning. I have tried to fix it with sincedb_path = "NULL" on Windows or sincedb_path="/dev/null" on Linux, but logstash is able to start reading the file from the beginning again and again. If I add a new log line and run logstash, only the newly added line is painted.
- brew install elasticsearch on M1 macbook results in "Bad CPU type in executable" error
- Spring Data Elasticsearch Bulk Index/Delete - Millions of Records
- fluentd with OpenSearch - where does the @timestamp field come from?
- Storing and managing Forex trading tick data
- mongodb fulltext searching strategy
- Is it possible to use elasticsearch synonyms dynamically?
- Elasticsearch showing received plaintext http traffic on an https channel in console
- Wildcard/regexp query with asterix chacter
- How to Count Unique Assets with Specific Severity in Elasticsearch?
- Am I correct that Elasticsearch simple_query_string does not support wildcards, but only prefix queries?
- ElasticSearch text array length
- Elasticsearch Nested Aggregations with Spring data elasticsearch 5.2
- How to check that all shards are moved from a specific elasticsearch node?
- How do to an Elasticsearch ESQL Distinct Query?
- How can I add a field to existing mapping with values in other fields?
- Elastic Search sort documents with same score using another field value
- OpenSearch with Spring Boot - Displaying docuemnts by number of keywors
- How to one value come first during sort on that field Elastic Search
- Retrieve selected fields from a search
- Logstash main class JvmOptionsParser not found / cannot load
- What is the difference between standard and language analyzer in Elasticsearch?
- How can I count all the occurrences within my date_histogram?
- Reliable .NET API for Elastic Search
- Not working fuzzy logic when use the fuzzines.auto elasticsearch
- Yellow health status on elastic causing kibana to fail at launch?
- How to Enable Logging in Rails Application with OpenSearch and Searchkick Integration?
- ElasticSearch - Unable To Search Using Fuzzy Match Query For Underscore in value (ES Fuzzy not matching underscore value)
- registering a custom analyzer and using it in a template
- Elasticsearch implement off-the-shelf language analyser but use custom tokeniser
- KQL query Count and Limit Matching Documents in Time Frame