
Logstash / or \ ?

This post is older than a year. Some of the information might not be accurate anymore.

Used: Logstash v1.5.1

Working with Logstash on a Windows machine is a little tricky. The curl command exists as a Windows binary. Invoking curl gives me a JSON message, which I used as Logstash input.

curl.exe http://localhost:8080/jolokia/read/metrics:name=trx.process.approved

Output

{
    "request": {
        "mbean": "metrics:name=trx.process.approved",
        "type": "read"
    },
    "value": {
        "Count": 455
    },
    "timestamp": 1434716739,
    "status": 200
}

Configure the logstash.conf

input {
    exec {
        command => "C:\bin\curl\curl.exe http://localhost:8080/jolokia/read/metrics:name=trx.process.approved"
        interval => 10
        codec => json
    }
}
output {
    stdout {}
}

Should work, right? Nope. Running logstash:

logstash.bat -f logstash.conf
Logstash startup completed
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (6) Could not resolve host: http://localhost:8080/jolokia/read/metrics

It seems that on Windows `/` was replaced with `\` and the string after “:” went missing. Escaping didn’t work. The final solution is to write a .bat file that invokes the command, which avoids the issue.

New logstash.conf using metrics.bat, which contains the curl command:

input {
    exec {
        command => "C:\tools\logstash-1.5.1\bin\metrics.bat"
        interval => 10
        codec => json
    }
}
output {
    stdout {}
}
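
One way to write the metrics.bat referenced in the config above, as an added example (the post does not show the file's contents). The curl path and URL are the ones from the first config; the curl flags and the 5 second timeout are assumptions about what such a wrapper needs.

```batch
@echo off
rem metrics.bat (added example): wrapper run by the Logstash exec input.
rem "echo off" keeps cmd.exe from writing the command line itself to stdout,
rem where it would end up in front of the JSON that the json codec parses.
setlocal

rem Path and URL are taken from the post; adjust them to the local install.
set "CURL=C:\bin\curl\curl.exe"
set "URL=http://localhost:8080/jolokia/read/metrics:name=trx.process.approved"

rem -s            no progress meter
rem -S            still report errors (on stderr)
rem -f            fail on HTTP errors instead of printing the error page
rem --max-time 5  assumed limit, kept below the 10 second exec interval
"%CURL%" -s -S -f --max-time 5 "%URL%"

rem Hand curl's exit code back to the caller.
exit /b %ERRORLEVEL%
```

Because the URL now lives in the batch file, the Logstash command string contains only a file path.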

Basic conclusion: Avoid using Logstash with Windows. If you intend to use Logstash as a log shipper on a Linux server, test it there.

Update 2018: In 2015 the Beats family wasn’t around.