Hi there I'm running locally Elastic Search 5.0.1 and Logstash 5.0.1.
This is my logstash filter:
input {
file {
path => "/Users/macosx/Desktop/logs/*"
start_position => "beginning"
ignore_older => 0
}
}
filter {
grok {
match => { "message" => "%{IP:ip} - - \[%{HTTPDATE:logtimestamp}\] \"(?:%{WORD:verb} %{URIPATHPARAM:url}(?: HTTP/%{NUMBER:httpversion})?|-)\" %{NUMBER:status} %{NUMBER:responseSize} %{QS} %{QS:agent} %{NUMBER:responseTime}" }
}
date {
match => [ "logtimestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
}
And I don't know why this morning I'm receiving these errors:
[2016-12-09T11:27:25,861][INFO ][logstash.outputs.elasticsearch] retrying failed action with response code: 429 ({"type"=>"es_rejected_execution_exception", "reason"=>"rejected execution of org.elasticsearch.transport.TransportService$6@559cb813 on EsThreadPoolExecutor[bulk, queue capacity = 50, org.elasticsearch.common.util.concurrent.EsThreadPoolExecutor@58f5d835[Running, pool size = 8, active threads = 8, queued tasks = 50, completed tasks = 2312]]"})
OR
[2016-12-09T11:27:25,862][ERROR][logstash.outputs.elasticsearch] Action
I already ran this filter without any problem.... the logs are just some Apache logs
, this is a line of examples:
xx.xx.xx.xx - - [30/Nov/2016:01:00:02 +0100] "GET /api/family/044708164 HTTP/1.1" 200 994 "-" "Java/1.7.0_25" 14433
I must be worried or I can leave the logstash process going, because actually is inserting the data on elasticsearch but I never saw this error before.
Thanks a lot!!!