Problem

If you are working on Logstash-Forwarder on Windows then you may have encountered the issue below:

registry rotate: rename of .logstash-forwarder to .logstash-forwarder.old - rename .logstash-forwarder.old: The system cannot find the file specified.

WARNING: (continuing) update of registry returned error: rename .logstash-forwarder .logstash-forwarder.old: The system cannot find the file specified

You can read more about the issue and the root cause here:
https://github.com/elastic/logstash-forwarder/issues/270

Situation

This seems to have been an existing problem with Logstash-Forwarder on Windows for a while now. After doing some research, some people have already raised the issue and even suggested or have submitted a fix. For whatever reason, the latest version on master branch on Github or the download link on ElasticSearch download site does not contain the fix.

Solution

As I needed to run Logstash-Forwarder on Windows and seeing no immediate solution (read: a download link with the fix). I had to actually do something.

What I did:

  • Download the latest version of logstash forwarder on github (as of writing ver 0.4) here
  • Download Go here
  • Replace the necessary files with the code fix
    • Fix details is here
    • Don't replace the whole file, the link references older version
    • Read the code and replace the proper parts only
  • Use go build on the logstash-github folder to build the app
  • Get the logstash-forwarder.exe
  • Run logstash-forwarder.exe -config [your-config-file].conf in the appropriate folder

What you can do:

  • Download the exe file below
  • Rerun logstash

Fix: Download Link

You can download the EXE file:
https://www.dropbox.com/s/r3fblo0mffmua5h/logstash-forwarder-master.exe?dl=0.

Details:

  • Based on latest version of logstash-forwarder (as of writing 0.4.0)
  • No guarantees or assurances that it will work (worked on my machine)

Credits:

User sdegroot on github