When starting Logstash, I get the following error:
[2019-10-03T23:04:46,420][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-10-03T23:04:46,431][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2019-10-03T23:04:47,189][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, input, filter, output at line 3, column 5 (byte 37) after # Apache B2B access filter\n\n ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2019-10-03T23:04:47,533][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-10-03T23:04:52,401][INFO ][logstash.runner ] Logstash shut down.
My logstash.conf file:
if [type] == "apache_b2b_access_log" {
mutate {
replace => { 'host' => 'webserver.datacentre.example.com' }
add_field => { 'environment' => 'production'
'service' => 'apache_proxy'
}
}
grok {
match => {
"message" => "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}),%{SPACE}%{IPORHOST:clientip},%{SPACE}%{NUMBER:port},%{SPACE}%{NUMBER:start_time},%{SPACE}%{NUMBER:end_time},%{SPACE}(?:%{NUMBER:bytes_delivered}|.*),%{SPACE}(?:%{WORD:reference}|.*),%{SPACE}%{WORD:method},%{SPACE}%{NUMBER:status_code},%{SPACE}%{URIPATHPARAM:request_uri},%{SPACE}%{GREEDYDATA:general_data}"
}strong text
}
date {
match => ["timestamp", "YYYY-MM-dd HH:mm:ss"]
target => "@timestamp"
}
}
# Elastic setup
output {
elasticsearch {
hosts => ["localhost:9200"]
# Weekly index (for pruning)
index => "mw-log-index-%{+YYYY.'w'ww}"
}
stdout { codec => rubydebug }
}
I have got that logstash.conf
file for ages... and maybe with the new version of logstash some parameters have changed?
Thanks!