

<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/JSPWiki/images/favicon.ico" />

<link rel="icon" type="image/x-icon" href="/JSPWiki/images/favicon.ico" />


<pre>
!!! Intro

These instructions are for {{logstash-1.1.5-monolithic.jar}}.

Often it is tricky to get LogStash running for prototyping reasons.  The following instructions will get you going.

Note: These instructions are for getting LogStash to read from stdin and a file in JSON format and also to actually store the field values.

!!! Configuration Files

First, create a few files

! logstash-simple.conf

{{{
input {
  stdin {
    type =&gt; &quot;stdin-type&quot;
    format =&gt; &quot;json&quot;
  }

  file {
    debug =&gt; true
    format =&gt; &quot;json&quot;

    path =&gt; [ &quot;/Users/username/prototype/logstash/*.log&quot; ]
    
    start_position =&gt; &quot;beginning&quot;
    type =&gt; &quot;file-type&quot;
  }
}

output {
  stdout { 
    debug =&gt; true
    debug_format =&gt; &quot;json&quot;
  }

  elasticsearch { 
    embedded =&gt; true
  }
}

}}}

! run-logstash.sh

{{{
java -jar logstash-1.1.5-monolithic.jar agent -f logstash-complex.conf
}}}

! run-logstash-web.sh

{{{
java -jar logstash-1.1.5-monolithic.jar web --backend elasticsearch://localhost/
}}}

! json.log

This file can be any valid JSON file.

{{{
{&quot;fname&quot;: &quot;begin&quot;, &quot;lname&quot;: &quot;begin&quot;}
{&quot;fname&quot;: &quot;david&quot;, &quot;lname&quot;: &quot;arcoleo&quot;}
{&quot;fname&quot;: &quot;sarah&quot;, &quot;lname&quot;: &quot;arcoleo&quot;}
{&quot;fname&quot;: &quot;karen&quot;, &quot;lname&quot;: &quot;arcoleo&quot;}
{&quot;fname&quot;: &quot;joseph&quot;, &quot;lname&quot;: &quot;arcoleo&quot;}
{&quot;fname&quot;: &quot;end&quot;, &quot;lname&quot;: &quot;end&quot;}
}}}

!!! Running &amp; Testing

In one shell, run

{{{
$ ./run_logstash.sh
}}}

In another do

{{{
$ ./run_logstash_web.sh
}}}

Wait until the java processes stop spiking and then, in another shell do

{{{
$ curl -s -XGET http://localhost:9200/_status\?pretty\=true
}}}

If you see 

{{{
{
  &quot;ok&quot; : true,
  &quot;_shards&quot; : {
    &quot;total&quot; : 0,
    &quot;successful&quot; : 0,
    &quot;failed&quot; : 0
  },
  &quot;indices&quot; : { }
}
}}}

then you don't have any data and something is wrong with your config.  If you see anything else, you're good to go.

__NOTE__: If you see no data, you may have to tweak the JSON file.  It seems to sometimes read only on file change.  So just insert a blank line at top of the JSON file and save it (while the java processes are still running).  You should see a bunch of output from your {{run-logstash.sh}} window.

!!! Verifying

Go to [http://localhost:9292/] and put &quot;*&quot; in for the query (w/o the quotes).  You should see every line in the JSON file.

Put in &quot;fname:david&quot; and you should just see the one line.

----
[CategoryComputing.Logging]

</pre>