I am new to Logstash, and I have been trying to make a simple .conf file to read logs from a sample log file. I have tried everything from setting sincedb_path to $HOME/.sincedb to setting the start_path to "Beginning", but I can't seem to get the data to be read, even to stdout. The following is a sample line from my sample log:

10.209.12.40 - - [06/Aug/2014:22:59:18 +0000] "GET /robots.txt HTTP/1.1" 200 220 "-" "Example-Prg/1.0"

www.example.com 10.209.11.40 - - [06/Aug/2014:23:05:15 +0000] "GET /robots.txt HTTP/1.1" 200 220 "-" "Example-Prog/1.0"

www.example.com 10.209.11.40 - - [06/Aug/2014:23:10:21 +0000] "GET /File/location-path HTTP/1.1" 404 25493 "http://blog.example.com/link-1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36(KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"

The following is the .conf file that I am using:

input
{
    stdin
    {

    }
    file
    {
#       type => "access"
        path => ["/home/user/Desktop/path1/www.example.com-access_log_20140806.log"]
        start_position => "beginning"
        sincedb_path => "/dev/null"
    }
}


filter
{
#   if [type] == "access"
#   {
        grok
        {
            break_on_match => false
            match => {
                "message" => '%{IP:sourceIP} %{DATA:User_Id} %{DATA:User_Auth} \[%{HTTPDATE:timestamp}\] \"%{WORD:HTTP_Command} %{DATA:HTTP_Path} %{DATA:HTTP_Version}\" %{NUMBER:HTTP_Code} %{NUMBER:Bytes} \"%{DATA:Host}\" \"%{DATA:Agent}\"'
            }
            match => {
                "message" => '%{HOST:WebPage} %{IP:sourceIP} %{DATA:User_Id} %{DATA:User_Auth} \[%{HTTPDATE:timestamp}\] \"%{WORD:HTTP_Command} %{DATA:HTTP_Path} %{DATA:HTTP_Version}\" %{NUMBER:HTTP_Code} %{NUMBER:Bytes} \"%{DATA:Host}\" \"%{DATA:Agent}\"'
            }
        }
#   }
}

output
{
    stdout
    {
        codec => rubydebug
    }
}

I am running it through stdout to check whether I am getting an output or not. I am getting the following output:

{
       "message" => "",
      "@version" => "1",
    "@timestamp" => "2015-07-02T20:48:55.453Z",
          "host" => "monil-Inspiron-3543",
          "tags" => [
        [0] "_grokparsefailure"
    ]
}

I have spent a good number of hours trying to figure out what is wrong. Please tell me where I am going wrong.

Thanks in advance.

EDIT: It was an error in the file name.

Aminah Nuraini
CKHobbes

0 Answers
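An offline check of the two grok expressions from the question, added here as an example and not part of the original post: it runs the three sample lines and an empty message (like the one in the rubydebug output) through both patterns with `break_on_match => false` semantics. The `IP`, `HOST` and `HTTPDATE` regexes and the `grok()` helper are simplified assumptions, not Logstash's real pattern definitions.

```python
import re

# Simplified stand-ins for grok's IP, HOST and HTTPDATE (assumption: the real
# definitions are stricter). DATA is ".*?", WORD is "\w+", NUMBER is "\d+" here.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
HOST = r"[A-Za-z0-9][A-Za-z0-9.-]*"
HTTPDATE = r"\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}"

COMMON = (
    rf"(?P<sourceIP>{IP}) (?P<User_Id>.*?) (?P<User_Auth>.*?) "
    rf"\[(?P<timestamp>{HTTPDATE})\] "
    r'"(?P<HTTP_Command>\w+) (?P<HTTP_Path>.*?) (?P<HTTP_Version>.*?)" '
    r'(?P<HTTP_Code>\d+) (?P<Bytes>\d+) "(?P<Host>.*?)" "(?P<Agent>.*?)"'
)
# Same order as the two match blocks in the question's filter.
PATTERNS = [re.compile(COMMON), re.compile(rf"(?P<WebPage>{HOST}) " + COMMON)]

# The three sample lines from the question, plus an empty message.
SAMPLES = [
    '10.209.12.40 - - [06/Aug/2014:22:59:18 +0000] "GET /robots.txt HTTP/1.1" '
    '200 220 "-" "Example-Prg/1.0"',
    'www.example.com 10.209.11.40 - - [06/Aug/2014:23:05:15 +0000] '
    '"GET /robots.txt HTTP/1.1" 200 220 "-" "Example-Prog/1.0"',
    'www.example.com 10.209.11.40 - - [06/Aug/2014:23:10:21 +0000] '
    '"GET /File/location-path HTTP/1.1" 404 25493 '
    '"http://blog.example.com/link-1" "Mozilla/5.0 (Macintosh; Intel Mac OS X '
    '10_9_2) AppleWebKit/537.36(KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"',
    "",
]

def grok(message):
    """Try every pattern and merge captures (break_on_match => false)."""
    event = {"message": message}
    matched = False
    for pattern in PATTERNS:
        m = pattern.search(message)  # grok is unanchored unless ^ or $ is used
        if m:
            matched = True
            event.update(m.groupdict())
    if not matched:
        event["tags"] = ["_grokparsefailure"]  # grok's default failure tag
    return event

if __name__ == "__main__":
    for line in SAMPLES:
        result = grok(line)
        print(result.get("tags", "ok"), result.get("WebPage"), result.get("sourceIP"))
```

All three sample lines parse, so an event tagged `_grokparsefailure` with an empty `message` did not originate from those lines.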