Dead Letter Queue problem

kernelpanic · May 2, 2018, 3:06pm

Hello, I've attempted to add the dead letter queue to my configuration but when I restart logstash it fails to come back up, I've no doubt its something I'm doing wrong, hereis my relevant config:

###-INPUT-###
dead_letter_queue {
    path => "/usr/local/logstash/data/dead_letter_queue/" 
    type => deadletter
  }

###-FILTER-###

if [type] == "deadletter" {
   filter {
     mutate {
      remove_field => ["src_ip"] 
     }
   }
  }

###-OUTPUT-###

else if [type] == "deadletter" {
   elasticsearch {
    hosts => ["192.168.56.226:9200", "192.168.52.251:9200", "192.168.52.252:9200"]
    index => ["syslogcisco-%{+YYYY.MM.dd}"]
   }
  }

When I attempt to restart logstash I get the following error in the logstash log:

:backtrace=>["/usr/local/logstash/logstash-core/lib/logstash/pipeline.rb:60:ininitialize'", "/usr/local/logstash/logstash-core/lib/logstash/pipeline.rb:165:in initialize'", "/usr/local/logstash/logstash-core/lib/logstash/agent.rb:296:increate_pipeline'", "/usr/local/logstash/logstash-core/lib/logstash/agent.rb:95:in register_pipeline'", "/usr/local/logstash/logstash-core/lib/logstash/runner.rb:313:inexecute'", "/usr/local/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in run'", "/usr/local/logstash/logstash-core/lib/logstash/runner.rb:204:inrun'", "/usr/local/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in run'", "/usr/local/logstash/lib/bootstrap/environment.rb:71:in(root)'"]}`

I can get logstash to start properly only when I comment out the deadletter filter section.

Any help appreciated.

yaauie · May 3, 2018, 12:20am

Can you copy the whole error message? The line in the backtrace indicates that the config failed to parse, and it should give a more helpful reason.

kernelpanic · May 3, 2018, 9:11am

Thanks for getting back to me, its quite a large error message and exceeds the 7000 character limit on this forum; the best I could think of doing was to upload a screenshot of the error to this post.

system · May 31, 2018, 9:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configuring Logstash to Use Dead Letter Queues Logstash	9	5895	March 22, 2018
Dead Letter Queue and its usage Logstash	7	2037	August 12, 2019
Dead letter queue Logstash	2	926	September 23, 2017
Dead Letter Queue can't be enabled Logstash	3	2035	April 2, 2018
NameError with DLQ input plugin Logstash	3	1235	August 11, 2017

Dead Letter Queue problem

Related topics