Could not find the error in logstash CONF

I have a logstash configuration which has the below error...

[2016-12-26T01:24:22,031][FATAL][logstash.runner ] The given configuration is invalid. Reason: Expected one of #, => at line 47, column 17 (byte 2592) after filter { .....

my configuration is

input {
  file {
    path => [ "C:\Users\547213\elk\tutorialdata\www4\accesslogwithmultipleGROKpattern.LOG" ]
    type => "accesslogwithmultipleGROKpattern"
    start_position => "beginning"
  }
}
 
filter {
  grok{
	match => { 'message' => '%{IP:IP Address} \- \- \[%{MONTHDAY}/%{MONTH}/%{YEAR}:%{TIME}\] \"%{WORD:Method} \/%{DATA:Page}\?%{GREEDYDATA:PageMessage}'}
}

if[Page] == "product.screen" {
  grok {
        match => { 'PageMessage' => 'productId=%{DATA:ProductID}\&JSESSIONID=%{DATA:JSessionID} %{WORD:Protocol} %{BASE16FLOAT:HTTPVersion}\" %{INT:StatusCode} %{INT:SizeoftheObjectReturned} \"%{URI}\" \"%{WORD:BrowserProduct}\/%{BASE16FLOAT:BrowserVersion} \(%{GREEDYDATA:PlatformAndConfiguration}\" %{INT:ActionCode} '}
  }

if[Page] == "cart.do" {
  grok {
        match => { 'PageMessage' => 'action=%{DATA:Action}\&itemId=%{DATA:ItemID}\&productId=%{DATA:ProductId}\&JSESSIONID=%{DATA:JSessionID} %{WORD:Protocol} %{BASE16FLOAT:HTTPVersion}\" %{INT:StatusCode} %{INT:SizeoftheObjectReturned} \"%{URI}\" \"%{WORD:BrowserProduct}\/%{BASE16FLOAT:BrowserVersion} \(%{GREEDYDATA:PlatformAndConfiguration}\" %{INT:ActionCode} '}
  }

if[Page] == "oldlink" {
  grok {
        match => { 'PageMessage' => 'itemId=%{DATA:ItemID}\&JSESSIONID=%{DATA:JSessionID} %{WORD:Protocol} %{BASE16FLOAT:HTTPVersion}\" %{INT:StatusCode} %{INT:SizeoftheObjectReturned} \"%{URI}\" \"%{WORD:BrowserProduct}\/%{BASE16FLOAT:BrowserVersion} \(%{GREEDYDATA:PlatformAndConfiguration}\" %{INT:ActionCode} '}
  }

if[Page] == "category.screen" {
  grok {
        match => { 'PageMessage' => 'categoryId=%{DATA:CategoryId}\&JSESSIONID=%{DATA:JSessionID} %{WORD:Protocol} %{BASE16FLOAT:HTTPVersion}\" %{INT:StatusCode} %{INT:SizeoftheObjectReturned} \"%{URI}\" \"%{WORD:BrowserProduct}\/%{BASE16FLOAT:BrowserVersion} \(%{GREEDYDATA:PlatformAndConfiguration}\" %{INT:ActionCode} '}
  }

if[Page] == "cart/success.do" {
  grok {
        match => { 'PageMessage' => 'JSESSIONID=%{DATA:JSessionID} %{WORD:Protocol} %{BASE16FLOAT:HTTPVersion}\" %{INT:StatusCode} %{INT:SizeoftheObjectReturned} \"%{URI}\" \"%{WORD:BrowserProduct}\/%{BASE16FLOAT:BrowserVersion} \(%{GREEDYDATA:PlatformAndConfiguration}\" %{INT:ActionCode} '}
  }

if[Page] == "error.do" {
  grok {
        match => { 'PageMessage' => 'msg=%{WORD:ErrorMessage}\&JSESSIONID=%{DATA:JSessionID} %{WORD:Protocol} %{BASE16FLOAT:HTTPVersion}\" %{INT:StatusCode} %{INT:SizeoftheObjectReturned} \"%{URI}\" \"%{WORD:BrowserProduct}\/%{BASE16FLOAT:BrowserVersion} \(%{GREEDYDATA:PlatformAndConfiguration}\" %{INT:ActionCode} '}
}
}
}

output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}

The line 47 column 17 is elasticsearch { hosts => ["localhost:9200"] } in output plugin

I tried different ways to solve but nothing works. Could anyone help solving this?

Thank you.

As far as I can tell, the curly braces in your filter block does not seem to match up properly.

Yea, you need to add some closing braces before:

Thank you Christian.. got it and i have cleared.

Thank you slinky

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.