Logstash – File input not working on Windows

Logstash is a great tool to transform the information stored in unstructured log files into a structured format. When using it on a Windows machine there are several things you should pay attention to (and which are not 100% documented).

Let’s say you want to use a file input and specify it in this way:

input {
  file{
    path => ["C:\Logs\*.logs"]
  }
}

When you run Logstash nothing happens and your files are not processed.

The reason for that is pretty simple: Logstash doesn’t like the \ and because of that it does not recognise the path properly. So simply change the config to look like this:

input {
  file{
    path => ["C:/Logs/*.logs"]
  }
}

Always use / in Logstash configs and you will easily get around this problem. The problem is also known to the Logstash community (see this bug) but there is no fix in place yet.

Hint:

The mechanism for detecting which files have been written and which log entries are new is also not working correctly on Windows (see this bug here). The link also contains information on how to get around this problem.
