Can someone help with the problem?

[2018-11-27T13:52:07,975][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-11-27T13:52:27,813][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.1"}
[2018-11-27T13:52:29,252][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 87, column 17 (byte 2638) after filter {\n\tgrok { \n\t\tbreak_on_match => false\n\t\tmatch => { "message" => [\n\t\t"%{CISCOTIMESTAMP:time} %{YEAR:year} %{GREEDYDATA:b} MAC=%{MAC:MAC} Station DN: BSSID=%{MAC:BSSID} ESSID=%{WORD:ESSID} VLAN=%{WORD:VLAN} AP-name=%{WORD:building}-%{WORD:floor}-%{WORD:classroom}","%{CISCOTIMESTAMP:time} %{YEAR:year} %{GREEDYDATA:b} Auth %{WORD:Authstatus}: %{COMMONMAC:MAC}: AP %{IP:ap_ip}-%{COMMONMAC:BSSID}-%{WORD:building}-%{WORD:floor}-%{WORD:classroom}-"\n\t\t]\n\t\t}\n \t}\n\n if[time]{\n\tmutate {\n\t\tremove_tag => [ "_grokparsefailure" ]\n add_field => {"ts" => "%{time} %{year}"}\n }\n\t\n date {\n match => [ "ts", "MMM dd HH:mm:ss yyyy", "MMM d HH:mm:ss yyyy", "ISO8601"] \n timezone => "Asia/Taipei"\n target => "@timestamp" \n}\n\n\n mutate {\n\n add_field => { "ap_name" => "%{building}-%{floor}-%{classroom}" }\n }\n\t}\n\n translate {\n field => "building"\n destination => "geoip.location"\n dictionary => [\n \t\t"A", "24.179518,120.598758",\n \t\t"AD", "24.178437,120.599389",\n \t\t"AH", "24.180782,120.597403",\n\t\t\t\t"AR", "24.180502,120.598100",\n\t\t\t\t"BD", "24.181285,120.600748",\n\t\t\t\t"BS", "24.177567,120.598989",\n\t\t\t\t"C", "24.180056,120.597094",\n\t\t\t\t"CAC", "24.178586,120.601557",\n\t\t\t\t"CC", "24.179423,120.602111",\n\t\t\t\t"CH", "24.177981,120.599420",\n\t\t\t\t"CKS", "24.180856,120.596010",\n\t\t\t\t"CME", "24.178057,120.597419",\n\t\t\t\t"E", "24.178794,120.597905",\n\t\t\t\t"GD", "24.177472,120.601463",\n\t\t\t\t"GR", "24.179508,120.601312",\n\t\t\t\t"GRG", "24.182266,120.602467",\n\t\t\t\t"GU", "24.178561,120.603776",\n\t\t\t\t"GYM", "24.180833,120.603186",\n\t\t\t\t"H", "24.180063,120.599805",\n\t\t\t\t"HT", "24.179859,120.597918",\n\t\t\t\t"ID", 
"24.180452,120.598532",\n\t\t\t\t"L", "24.179093,120.596324",\n\t\t\t\t"LA", "24.178614,120.597305",\n\t\t\t\t"AG", "24.179028,120.596886",\n\t\t\t\t"LAN", "24.180370,120.598799",\n\t\t\t\t"Lib", "24.179748,120.596107",\n\t\t\t\t"LS", "24.177601,120.598275",\n\t\t\t\t"M", "24.182272,120.611722",\n\t\t\t\t"MSA", "24.179049,120.601976",\n\t\t\t\t"MU", "24.180681,120.610028",\n\t\t\t\t"FA", "24.181009,120.610342",\n\t\t\t\t"ND", "24.179299,120.611888",\n\t\t\t\t"OIEP", "24.1792511,120.601913",\n\t\t\t\t"P", "24.180034,120.602930",\n\t\t\t\t"PG", "24.1823038,120.6126909",\n\t\t\t\t"ICE", "24.183061,120.613186",\n\t\t\t\t"PoYa", "24.1813758,120.6004968",\n\t\t\t\t"S", "24.1783099,120.5983467",\n\t\t\t\t"SAC", "24.179388,120.602372",\n\t\t\t\t"SS", "24.1805069,120.5950996",\n\t\t\t\t"ST", "24.1811622,120.5971336",\t\t\t\n\t\t\t\t"W", "24.178965,120.603998"\n ]\n }\n\n \n\noutput {\n elasticsearch ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2486:inmap'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:149:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:22:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:90:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:42:in block in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:92:inblock in exclusive'", "org/jruby/ext/thread/Mutex.java:148:in synchronize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:92:inexclusive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:38:in execute'", 
"/usr/share/logstash/logstash-core/lib/logstash/agent.rb:317:inblock in converge_state'"]}
[2018-11-27T13:52:29,471][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Please post your full config and use formatting, this is very hard to read.
