How to load SFTP data into Elasticsearch via Logstash



Introducing a simple method to load SFTP data using the ETL module Logstash of the full-text search service Elasticsearch and the CData JDBC driver.

Elasticsearch is a popular distributed full-text search engine. By centrally storing data, you can perform ultra-fast searches, fine-tuning relevance, and powerful analytics with ease. Elasticsearch has a pipeline tool for loading data called "Logstash". You can use CData JDBC Drivers to easily import data from any data source into Elasticsearch for search and analysis.

This article explains how to use the CData JDBC Driver for SFTP to load data from SFTP into Elasticsearch via Logstash.

Using CData JDBC Driver for SFTP with Elasticsearch Logstash

  • Install the CData JDBC Driver for SFTP on the machine where Logstash is running.
  • The JDBC Driver will be installed at the following path (the year part, e.g. 20XX, will vary depending on the product version you are using). You will use this path later. Place this .jar file (and the .lic file if it's a licensed version) in Logstash.
    C:\Program Files\CData\CData JDBC Driver for SFTP 20XX\lib\cdata.jdbc.sftp.jar
  • Next, install the JDBC Input Plugin, which connects Logstash to the CData JDBC driver. The JDBC Plugin comes by default with the latest version of Logstash, but depending on the version, you may need to add it.
    https://www.elastic.co/guide/en/logstash/5.4/plugins-inputs-jdbc.html
  • Move the CData JDBC Driver’s .jar file and .lic file to Logstash's "/logstash-core/lib/jars/".

Sending SFTP data to Elasticsearch with Logstash

Now, let's create a configuration file for Logstash to transfer SFTP data to Elasticsearch.

  • Write the process to retrieve SFTP data in the logstash.conf file, which defines data processing in Logstash. The input will be JDBC, and the output will be Elasticsearch. The data loading job is set to run at 30-second intervals.
  • Set the CData JDBC Driver's .jar file as the JDBC driver library, configure the class name, and set the connection properties to SFTP in the form of a JDBC URL. The JDBC URL allows detailed configuration, so please refer to the product documentation for more specifics.
  • SFTP can be used to transfer files to and from SFTP servers using the SFTP Protocol. To connect, specify the RemoteHost;. service uses the User and Password and public key authentication (SSHClientCert). Choose an SSHAuthMode and specify connection values based on your selection.

    Set the following connection properties to control the relational view of the file system:

    • RemotePath: Set this to the current working directory.
    • TableDepth: Set this to control the depth of subfolders to report as views.
    • FileRetrievalDepth: Set this to retrieve files recursively and list them in the Root table.
    Stored Procedures are available to download files, upload files, and send protocol commands. See gdatamodel for more on using SQL to interact with the server.

Executing data movement with Logstash

Now let's run Logstash using the created "logstash.conf" file.

logstash-7.8.0\bin\logstash -f logstash.conf

A log indicating success will appear. This means the SFTP data has been loaded into Elasticsearch.

For example, let's view the data transferred to Elasticsearch in Kibana.

    GET sftp_table/_search
    {
        "query": {
            "match_all": {}
        }
    }
Querying the SFTP data loaded into Elasticsearch

We have confirmed that the data is stored in Elasticsearch.

Confirming the SFTP data loaded into Elasticsearch

By using the CData JDBC Driver for SFTP with Logstash, it functions as a SFTP connector, making it easy to load data into Elasticsearch. Please try the 30-day free trial.

Ready to get started?

Download a free trial of the SFTP Driver to get started:

 Download Now

Learn more:

SFTP Icon SFTP JDBC Driver

An easy-to-use database-like interface for Java based applications and reporting tools access to remote files and directories.