My Logstash (1.4.1) config to read the Squid log is shown below:

input {
  file {
    path => "/var/log/squid3/access.log"
  }
}

filter {
  grok {
    match => ["message", "%{NUMBER:timestamp} \s+ %{NUMBER:request_msec:float} %{IPORHOST:src_ip} %{WORD:cache_result}/%{NUMBER:response_status:int} %{NUMBER:response_size:int} %{WORD:http_method} (%{URIPROTO:http_proto}://)?%{IPORHOST:dst_host}(?::%{POSINT:port})?(?:%{URIPATHPARAM:uri_param})? %{USERNAME:cache_user} %{WORD:request_route}/(%{IPORHOST:forwarded_to}|-) %{GREEDYDATA:content_type}"]
    add_tag => ["squid"]
  }
  date {
    match => [ "timestamp", "ISO8601" ]
  }
}

output {
  elasticsearch { host => localhost }
  stdout { codec => rubydebug }
}

I have tested the pattern (using Grok debugger) and it is ok. However, 
Logstash does nothing. It doesn't produce any error message and shows 
nothing when I use "stdout { }". 

Can somebody advise me on how to troubleshoot? Many thanks in advance.
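
An offline check of the field layout that the grok pattern above targets, as an added example that is not part of the original post: a plain-regex approximation (not grok itself) run over constructed lines in Squid's native access.log format. The regex, the function name and the sample lines are assumptions; the field names follow the pattern in the post.

```python
import re
from datetime import datetime, timedelta, timezone

# Plain-regex approximation of the fields named in the grok pattern
# (assumption: Squid's default "native" layout, IPv4 or hostname URLs).
SQUID_RE = re.compile(
    r"^(?P<timestamp>\d+\.\d{3})\s+"
    r"(?P<request_msec>\d+)\s+"
    r"(?P<src_ip>\S+)\s+"
    r"(?P<cache_result>\w+)/(?P<response_status>\d+)\s+"
    r"(?P<response_size>\d+)\s+"
    r"(?P<http_method>\w+)\s+"
    r"(?:(?P<http_proto>[A-Za-z][A-Za-z0-9+.-]*)://)?"
    r"(?P<dst_host>[^\s/:]+)(?::(?P<port>\d+))?(?P<uri_param>/\S*)?\s+"
    r"(?P<cache_user>\S+)\s+"
    r"(?P<request_route>\w+)/(?P<forwarded_to>\S+)\s+"
    r"(?P<content_type>.*)$"
)
INT_FIELDS = ("request_msec", "response_status", "response_size")

def parse_squid_line(line):
    """Return a dict of fields, or None when the line does not match."""
    m = SQUID_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # the caller can count these as parse failures
    event = m.groupdict()
    for name in INT_FIELDS:
        event[name] = int(event[name])
    # Native-format timestamps are UNIX epoch seconds with milliseconds.
    secs, millis = event["timestamp"].split(".")
    ts = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    event["@timestamp"] = (ts + timedelta(milliseconds=int(millis))).isoformat()
    return event

# Constructed sample lines (not taken from the original post).
SAMPLE_LINES = [
    "1404217321.123    245 192.168.1.10 TCP_MISS/200 5120 GET "
    "http://example.com/index.html?x=1 - HIER_DIRECT/93.184.216.34 text/html",
    "1404217322.456 120034 192.168.1.11 TCP_MISS/200 3921 CONNECT "
    "www.example.org:443 alice DIRECT/203.0.113.7 -",
    "squid restarted",  # not an access record, should not match
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_squid_line(sample))
```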
