Error when starting up Logstash

sud0 · October 3, 2019, 11:11pm

When starting Logstash, I get the following error:

[2019-10-03T23:04:46,420][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-10-03T23:04:46,431][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2019-10-03T23:04:47,189][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, input, filter, output at line 3, column 5 (byte 37) after     # Apache B2B access filter\n\n    ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2019-10-03T23:04:47,533][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2019-10-03T23:04:52,401][INFO ][logstash.runner          ] Logstash shut down.

My logstash.conf file:

    if [type] == "apache_b2b_access_log" {

        mutate {
            replace => { 'host' => 'webserver.datacentre.example.com' }
            add_field => { 'environment' => 'production'
                           'service' => 'apache_proxy'
            }
        }

        grok {
            match => {
                "message" => "(?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}%{SPACE}%{TIME}),%{SPACE}%{IPORHOST:clientip},%{SPACE}%{NUMBER:port},%{SPACE}%{NUMBER:start_time},%{SPACE}%{NUMBER:end_time},%{SPACE}(?:%{NUMBER:bytes_delivered}|.*),%{SPACE}(?:%{WORD:reference}|.*),%{SPACE}%{WORD:method},%{SPACE}%{NUMBER:status_code},%{SPACE}%{URIPATHPARAM:request_uri},%{SPACE}%{GREEDYDATA:general_data}"
            }strong text
        }

        date {
            match => ["timestamp", "YYYY-MM-dd HH:mm:ss"]
            target => "@timestamp"
        }
    }

# Elastic setup

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        # Weekly index (for pruning)
        index => "mw-log-index-%{+YYYY.'w'ww}"
    }
    stdout { codec => rubydebug }
}

I have got that logstash.conf file for ages... and maybe with the new version of logstash some parameters have changed?

Thanks!

Badger · October 4, 2019, 1:06pm

That's not a valid logstash.conf (it never starts the filter section) and does not contain the text that logstash complains about, so clearly either the quote is incomplete or you have another file as part of your configuration.

sud0 · October 7, 2019, 1:30am

You're right... my logstash.conf file was not correct. After getting it fixed, logstash is working fine. Thanks!

system · November 4, 2019, 1:30am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error in Logstash Pipeline Logstash	5	1540	April 27, 2021
Error when running pipelines.yml Logstash	9	287	June 2, 2022
Error starting Logstash Logstash	7	535	September 30, 2022
Unable to run Logstash 7.9.2 as a service on Ubuntu 18.04 Logstash	16	2137	November 6, 2020
Why logstash does not start? Logstash	2	311	June 17, 2020

Error when starting up Logstash

Related Topics