Cannot get any output

jagan · May 4, 2017, 10:29am

HI All,
i recently upgraded to logstash-5.3.2.when i ran a 'x.conf' file in logstash i get the below message: INFO logstash.agent - Successfully started Logstash API endpoint {:port=>96000} but i could not see the output without anything displayed for some time an nothing can be moving forward.
could anybody suggest me how to resolve the issue.

Regards,
Jagan

warkolm · May 4, 2017, 10:34am

What's the entire config look like?

jagan · May 4, 2017, 11:14am

Thanks for the reply Mark,
the config file looks like this:
input {
file {
path => "/home/ubuntu/log/test.log-20170303"
#port => 5044
#ssl => false
#client_inactivity_timeout => "86400"
start_position => "beginning"
}

}

filter {
if [type] == "log" {
if "dev1" in [message] { drop{} }
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program} |%{NUMBER:epoch:int}|%{IP:ip}|%{GREEDYDATA:path}|%{GREEDYDATA:title}|%{GREEDYDATA:referrer}|%{NUMBER:uid}|%{GREEDYDATA:sid}|%{NUMBER:timer:int}|%{GREEDYDATA:cache}|%{GREEDYDATA:user_agent}|%{NUMBER:peak_memory:int}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
overwrite => [ "message" ]
}

   mutate {
   convert => [ "[geoip][coordinates]", "float"]
   }
   mutate {
   convert => { "timer" => "integer" }
   convert => { "epoch" => "integer" }
   convert => { "peak_memory" => "integer" }
   }
   useragent {
     source => "user_agent"
   }
   syslog_pri { }
   date {
     match => [ "epoch", "UNIX" ]
   }
 }

}

output {
if [type] == "log" {
elasticsearch {
hosts => ["localhost:9200"]
timeout => 30000
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
}

This is the line where logstash is stuck:
Sending Logstash's logs to /usr/share/logstash/logs which is now configured via log4j2.properties....nothing moving forward from here..

Thanks,
jagan

warkolm · May 4, 2017, 11:19am

It's likely a sincedb issue then, try checking the docs and previous threads

Christian_Dahlqvist · May 4, 2017, 11:20am

You appear to have changed from a beats input to a file input. I therefore suspect that the metadata variables are no longer defined and that you end up with an invalid type, preventing anything to be written to Elasticsearch.

jagan · May 4, 2017, 11:36am

Yes Christian,
Actually the setup is done to move the data from filebeat-> Logstash-> elasticSearch, but it is not working, so i want to see if i can load directly from logstash to Elasticsearch?

Before this issue an index which is building is terminated in between, so can that create any ripples in the data loading issues?
Thanks once again!

elbesraoui_imane · May 10, 2017, 3:07pm

Hi jagan,
I have the same issue as you and it shows me the same thing :
Sending Logstash's logs to /usr/share/logstash/logs which is now configured via log4j2.properties
Could you suggest me how to resolve this if you have found any solutions.
Thanks

system · June 7, 2017, 3:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Nothing outputting at all Logstash	2	389	June 19, 2017
Logstash won't show output on console Logstash	9	525	February 11, 2020
Why is there no output in terminal? Logstash	5	1086	January 17, 2017
Logstash not show any output (again) Logstash	13	3199	July 6, 2017
Logstash not showing any output (SOLVED) Logstash	31	73147	July 6, 2017

Cannot get any output

Related topics