2
votes

I am using:

- elasticsearch-2.1.1
- kibana-4.3.1-linux-x64
- logstash-2.1.1

I followed this tutorial: https://www.elastic.co/guide/en/logstash/current/advanced-pipeline.html

Then Logstash was able to create the index in Elasticsearch. Afterwards I deleted the index in Elasticsearch with:

    curl -XDELETE http://localhost:9200/logstash-2015.12.30/

Then I tried to create a new index with a new config file, but Logstash did not send the new index to Elasticsearch.

What is wrong? Why is Logstash not sending the new index to Elasticsearch? Is this some kind of bug?

I hope someone can help me.

Regards

1
Are you sure that your log files in your input are producing new log data? – Val

1 Answer

4
votes

This is because Logstash has already read and processed your input file. Logstash makes use of sincedb to keep track of the position that it has already read. To make Logstash read and process your input every time you run Logstash, set the "sincedb_path" option to /dev/null in your input plugin, as given below.

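    input {
      file {
        path => "/path/to/logstash-tutorial.log"
        # read from the start of files that sincedb has no record of
        start_position => "beginning"
        # keep no read-position record between runs
        sincedb_path => "/dev/null"
      }
    }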

See this link (how to use sincedb in logstash?) for more information.
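To check whether a recorded sincedb offset is what keeps the file input silent, the sketch below compares a sincedb entry with the log file's inode and size. It is an added example, not part of the original answer or of Logstash; the function names are hypothetical, and the line format `<inode> <major_dev> <minor_dev> <byte_offset>` is an assumption about the Logstash 2.x file input.

```python
import os
import tempfile


def parse_sincedb(text):
    """Return {inode: offset} from sincedb text.

    Assumed line format (Logstash 2.x file input):
    "<inode> <major_dev> <minor_dev> <byte_offset>"; any extra trailing
    fields are ignored.
    """
    positions = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not (fields[0].isdigit() and fields[3].isdigit()):
            continue  # skip blank or malformed lines
        positions[int(fields[0])] = int(fields[3])
    return positions


def diagnose(log_path, sincedb_text):
    """Explain what the file input would do with log_path on the next start."""
    st = os.stat(log_path)
    offset = parse_sincedb(sincedb_text).get(st.st_ino)
    if offset is None:
        return "untracked: start_position decides where reading begins"
    if offset >= st.st_size:
        return "fully read: no events until new lines are appended"
    return "resumes at byte %d of %d" % (offset, st.st_size)


if __name__ == "__main__":
    # Constructed sample: a three-line log and a sincedb entry that already
    # points at its end, which is the situation described in the question.
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as f:
        f.write("line 1\nline 2\nline 3\n")
    st = os.stat(f.name)
    print(diagnose(f.name, "%d 0 2049 %d\n" % (st.st_ino, st.st_size)))
    print(diagnose(f.name, ""))  # no record, as with sincedb_path => "/dev/null"
    os.unlink(f.name)
```

With `sincedb_path => "/dev/null"` no offset survives a restart, so a file read with `start_position => "beginning"` is re-read in full on every run and its events are indexed again.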