Could not send Elasticresearch via logstash

Elastic Stack Logstash
1

Want to send my original log for CPU usage to elasticsearch via logstash.

  1. Here is the log file
    pasth:/opt/dev/resource/cpu/log
    file name:result.log
    06/14/2020:22:30:02,41

2.logstash input file
input {
file {
path => "/opt/dev/resource/cpu/log/result.log"
start_position => beginning
}
}
filter {
grok {
match => [
"message" => "%{timestamp}",
"message" => "${CPU}"
}
date {
match => [ "timestamp" , "dd/MMM/yyyy HH:mm:ss" ]
}
mutate {
replace => { "type" => "cpu" }
}
}

output {
elasticsearch {
hosts => ["172.17.10.204:9200"]
index => "CPU"
}
}

  1. Execute log for logstash
    $ sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/apache-access_log.conf
    OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
    WARNING: An illegal reflective access operation has occurred
    WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/logstash/logstash-core/lib/jars/jruby-complete-9.2.7.0.jar) to field java.io.FileDescriptor.fd
    WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
    WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    WARNING: All illegal access operations will be denied in a future release
    WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
    Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
    [WARN ] 2020-06-14 22:40:09.289 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
    [INFO ] 2020-06-14 22:40:09.295 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.8.10"}
    [ERROR] 2020-06-14 22:40:09.937 [Converge PipelineAction::Create] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, ,, ] at line 10, column 19 (byte 160) after filter {\n grok {\n match => [\n "message" ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:in compile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2577:in map'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:151:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:22:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:90:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:43:in block in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:96:in block in exclusive'", "org/jruby/ext/thread/Mutex.java:165:in synchronize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:96:in exclusive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:39:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:334:in block in converge_state'"]}
    [INFO ] 2020-06-14 22:40:10.091 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
    [INFO ] 2020-06-14 22:40:15.141 [LogStash::Runner] runner - Logstash shut down.

Please help me.

2

It is unclear what you want this to mean, but it may be

grok {
    match => { "message" => [ "%{timestamp}", "${CPU}" ] }
}

And you may want to set break_on_match to false.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.