Configuring Logstash on Windows
I am trying to feed log files into Logstash on a Windows machine. I tried following the tutorial at http://logstash.net/docs/1.1.13/tutorials/getting-started-simple, and am now stuck on the "Continuing on" part. This is what my logstash-simple.conf file looks like:
input {
stdin {
type => "stdin-type"
}
file {
type => "syslog"
# Wildcards work, here :)
path => [ "C:/Results/test.txt" ]
}
}
output {
stdout { }
elasticsearch { embedded => true }
}
I have tried all kinds of combinations of forward slashes, backward slashes, etc., and I get a "The filename, directory name, or volume label syntax is incorrect."
Any tips?
Also - will it recursively look through the directory if I specify C:/Results/* (and that dir has multiple subdirs)?
Answer
Logstash globs support ** pattern.
To search the directories recursively for log files under c:/results with extension *.log, you could specify ** glob pattern as follows:
file {
type => "syslog"
path => ["c:/results/**/*.log"]
}
As a side note, while working with logstash on windows you may want to use lowercase directory and file names and lowercase drive letters to save yourself some trouble. There seems to be windows related bug in Logstash 1.1.13 which is the latest version as of date.