I am using a basic logstash config that used to work:
# Pipeline: pull ALB access logs from S3, parse each line with grok,
# then index the parsed events into Elasticsearch.
input {
  # Reads objects from the "logs-alb-api" bucket under the given key prefix
  # and tags every event with type "ELB_logs".
  # No access keys are set in this block, so AWS credentials must be supplied
  # from outside this file rather than stored in the config.
  s3 {
    bucket => "logs-alb-api"
    prefix => "AWSLogs/934###"
    type   => "ELB_logs"
  }
}

filter {
  # Move the "host" field out of the way under the name "_host".
  mutate {
    rename => { "host" => "_host" }
  }

  # Split the raw access-log line into named fields; timing and byte counters
  # are cast to float. The pattern is not anchored, so anything that follows
  # trace_id on the line is ignored. Lines that do not match are kept and
  # tagged _grokparsefailure by the grok filter's default behaviour.
  # NOTE(review): "request" holds the full quoted request line, including any
  # query string, so tokens or identifiers passed in URLs end up indexed and
  # searchable -- confirm that index access is restricted accordingly.
  grok {
    match => {
      "message" => "%{NOTSPACE:request_type} %{TIMESTAMP_ISO8601:log_timestamp} %{NOTSPACE:alb-name} %{NOTSPACE:client} %{NOTSPACE:target} %{NOTSPACE:request_processing_time:float} %{NOTSPACE:target_processing_time:float} %{NOTSPACE:response_processing_time:float} %{NOTSPACE:elb_status_code} %{NOTSPACE:target_status_code} %{NOTSPACE:received_bytes:float} %{NOTSPACE:sent_bytes:float} %{QUOTEDSTRING:request} %{QUOTEDSTRING:user_agent} %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol} %{NOTSPACE:target_group_arn} %{QUOTEDSTRING:trace_id}"
    }
  }
}

output {
  # One index per day, named from the event timestamp.
  # NOTE(review): the endpoint is plain http:// and no user/password is set in
  # this block, so client addresses, request lines and user agents are sent
  # unencrypted and unauthenticated unless the network path enforces
  # otherwise. The plugin's ssl / cacert / user / password options cover this
  # when the cluster has TLS and authentication enabled.
  elasticsearch {
    hosts => ["http://elasticsearch.gurushots.virginia:9200"]
    index => "elb-%{+YYYY.MM.dd}"
  }
}
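However, I get the following error during Logstash startup (the backtrace is raised from `start_webserver` / `add_tcp_listener` in logstash-core's `webserver.rb`):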
[2020-11-29T08:57:14,880][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<SocketError: initialize: name or service not known>, :backtrace=>["org/jruby/ext/socket/RubyTCPServer.java:124:in `initialize'", "org/jruby/RubyIO.java:875:in `new'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/puma-2.16.0-java/lib/puma/binder.rb:234:in `add_tcp_listener'", "(eval):2:in `add_tcp_listener'", "/usr/share/logstash/logstash-core/lib/logstash/webserver.rb:88:in `start_webserver'", "/usr/share/logstash/logstash-core/lib/logstash/webserver.rb:44:in `block in run'", "org/jruby/RubyRange.java:485:in `each'", "org/jruby/RubyEnumerable.java:1067:in `each_with_index'", "/usr/share/logstash/logstash-core/lib/logstash/webserver.rb:39:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:377:in `block in start_webserver'"]}
[2020-11-29T08:57:14,897][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
ES version 6.6
Logstash version 6.6
S3 input plugin version 3.5.0