2

I am using : - elasticsearch-2.1.1 - kibana-4.3.1-linux-x64 - logstash-2.1.1 I followed this tutorial: https://www.elastic.co/guide/en/logstash/current/advanced-pipeline.html

Then logstash was able to create the index into Elasticsearch. After I deleted the index in elasticsearch with : curl -XDELETE http://localhost:9200/logstash-2015.12.30/ Then I tried to create a new index with a new file config but logstash did not send the new index to the elasticsearch.

What is wrong? Why logstash is not sending the new index to the elasticsearch? Is this some kind of bug ?

I hope someone can help me.

Regards

Improve this question
1
  • Are you sure that your log files in your input are producing new log data? Commented Dec 30, 2015 at 12:52

1 Answer 1

Reset to default
4

This is because logstash has already read and processed your input file. logstash make use of sincedb to keep track of position that it already read. To make logstash to read and process your input every time you run logstash, use "sincedb_path" option to /dev/null in your input plugin as given below.

input {
     file {
     path => "/path/to/logstash-tutorial.log"
      start_position => beginning 
      sincedb_path => "/dev/null"
    }
  }

See this(how to use sincedb in logstash?) link for more information.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Great. Thank you very much.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.