Documented Logstash X-pack config breaks Logstash

The official Elasticsearch output plugin documentation (https://www.elastic.co/guide/en/x-pack/current/logstash.html) says that username and password should be added to each of input {}, filter {}, and the Elasticsearch output. However, when using the documented config, Logstash refuses to start.

When username/password is added to the input{} section, the log says:
[2017-06-15T12:19:22,223][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Expected one of #, { at line 10, column 8 (byte 112) after input {\n tcp {\n port => 5000\n type => syslog\n }\n udp {\n port => 5000\n type => syslog\n }\n user "}

When username/password is added to the filter{} section, the log says:
[2017-06-15T12:23:32,696][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Expected one of #, { at line 25, column 8 (byte 603) after filter {\n if [type] == \"syslog\" {\n grok {\n match => { \"message\" => \"%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\\[%{POSINT:syslog_pid}\\])?: %{GREEDYDATA:syslog_message}\" }\n add_field => [ \"received_at\", \"%{@timestamp}\" ]\n add_field => [ \"received_from\", \"%{host}\" ]\n }\n date {\n match => [ \"syslog_timestamp\", \"MMM d HH:mm:ss\", \"MMM dd HH:mm:ss\" ]\n }\n }\n user "}

Please update the documentation.

You are correct, the samples in the documentation are not very clear.

You only need to add user and password if you are using the elasticsearch input and filter plugins. In your case it looks like you're using the tcp input and grok filter, so no configuration changes are needed.
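
The placement described in the reply above, as an added example that is not part of the original thread or the Elastic documentation. The host URL, the `logstash_internal` user name and the `LOGSTASH_ES_PASSWORD` environment variable are placeholders chosen for illustration; reading the password from the environment rather than writing it into the file is an assumption about the deployment.

```logstash
# Constructed example pipeline based on the config visible in the error logs above.
input {
  tcp {
    port => 5000
    type => syslog
  }
  udp {
    port => 5000
    type => syslog
  }
  # No credentials here: a section body accepts only plugin blocks, so a bare
  # "user => ..." line is parsed as a plugin name and fails with
  # "Expected one of #, {". The tcp and udp inputs do not talk to
  # Elasticsearch and need no user/password.
}

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
  # grok and date run locally, so no credentials here either.
}

output {
  elasticsearch {
    hosts    => ["https://localhost:9200"]      # placeholder URL
    user     => "logstash_internal"             # placeholder user name
    password => "${LOGSTASH_ES_PASSWORD}"       # placeholder variable, set in the service environment
  }
}
# An elasticsearch input or elasticsearch filter plugin, if one were used,
# would take the same user/password options inside its own plugin block.
```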
