file data from start not passed to Elasticsearch

0
votes

I have an existing log file and I am setting up ELK stack now and I am able to connect everything together and anything I add does reflect in Elasticsearch, But data that was already there in the log file does not show up in Elasticsearch

logstash.conf file input { file { path => "/home/ubuntu/cms_access.log" start_position => "beginning" } } output { elasticsearch { hosts => "xyz.com:80" user => 'kibanauser' password => 'password' document_type => "_doc" } }

I am checking this using Kibana and I do not find the data there so any assistance on this will be appreciated

1
elasticsearchlogstashkibana

1 Answers

0
votes

the logstash.conf file needs to have start_position and sincedb_path as below .. insufficient research on my part but hope this helps someone

input {
  file {
    path => "/home/ubuntu/apache-daily-access.log"
  start_position => "beginning"
  sincedb_path => "/dev/null"
  }
}