I am trying to feed log files into Logstash on a Windows machine. I tried following the tutorial at http://logstash.net/docs/1.1.13/tutorials/getting-started-simple, and am now stuck on the "Continuing on" part. This is what my logstash-simple.conf file looks like:
    input {
      stdin {
        type => "stdin-type"
      }
      file {
        type => "syslog"
        # Wildcards work, here :)
        path => [ "C:/Results/test.txt" ]
      }
    }
    output {
      stdout { }
      elasticsearch { embedded => true }
    }
I have tried all kinds of combinations of forward slashes, backward slashes, etc., and I get a "The filename, directory name, or volume label syntax is incorrect." error.
Any tips?
Also - will it recursively look through the directory if I specify C:/Results/* (and that dir has multiple subdirs)?
Download the Logstash zip package for Windows on the downloads page for Logstash. Extract the zip contents using the system's unzip tool. Logstash must be configured before the application can be run. It is necessary to save a config file in the bin folder and give it a meaningful name.
First you open your SSH session, then type screen at the prompt. That opens a new session in which you can run your logstash command. When it runs, you simply press Ctrl+a d in order to detach yourself from that screen and you can safely log out.
Logstash globs support the ** pattern.
To search the directories recursively for log files under c:/results with extension *.log, you could specify the ** glob pattern as follows:
    file {
      type => "syslog"
      path => ["c:/results/**/*.log"]
    }
As a side note, while working with Logstash on Windows you may want to use lowercase directory and file names and lowercase drive letters to save yourself some trouble. There seems to be a Windows-related bug in Logstash 1.1.13, which is the latest version as of this date.
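The difference between `*` and `**` from the answer above, as an added example that is not part of the original post. It is written in Ruby on the assumption that the file input's `path` patterns follow Ruby's `Dir.glob` semantics; the directory tree and the `expand` and `glob_demo` helpers are constructed for this illustration.

```ruby
require "tmpdir"
require "fileutils"

# Constructed sample tree standing in for c:/results (names are made up).
SAMPLE_FILES = %w[
  top.log
  test.txt
  app1/app1.log
  app1/archive/old.log
  app2/notes.txt
].freeze

# Expand a glob pattern under +root+ and return the matching regular
# files as sorted paths relative to +root+ (directories are dropped,
# since only files can be tailed).
def expand(root, pattern)
  Dir.glob(File.join(root, pattern))
     .select { |p| File.file?(p) }
     .map { |p| p.delete_prefix(root + "/") }
     .sort
end

# Build the sample tree in a temp directory and expand four patterns.
def glob_demo
  Dir.mktmpdir("results") do |root|
    SAMPLE_FILES.each do |rel|
      full = File.join(root, rel)
      FileUtils.mkdir_p(File.dirname(full))
      File.write(full, "sample line\n")
    end
    {
      star:          expand(root, "*"),        # top level only, any extension
      star_log:      expand(root, "*.log"),    # top level only, .log files
      one_level:     expand(root, "*/*.log"),  # exactly one directory down
      recursive_log: expand(root, "**/*.log"), # any depth, including top level
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  glob_demo.each { |name, files| puts "#{name}: #{files.inspect}" }
end
```

A single `*` never crosses a directory separator, so `C:/Results/*` only picks up files directly inside that directory; it takes `**` to reach the subdirectories.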