Errors in while starting Logstash

script007 · January 31, 2018, 11:42am

I feel something is not right in my conf file. Ant help. I am not able to start this conf file.
Conf File:

input {
file {
path => "/data/es/snmp/stage/snmp.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => [ "Date","Time","Block","Name","IP","Device","Sr.No","Alert Message" ]
}
mutate { merge ==> ["Date","Time]}

date {
match => [ "Date", "dd-MMM-YYYY HH:mm:ss" ]
locale => "en"
remove_field => [ "Date" ]
}
mutate {
convert => { "Block" => "float" }
convert => { "Name" => "float" }
convert => { "IP" => "float" }
convert => { "Device" => "float" }
convert => { "Sr.No" => "float" }
convert => { "Alert Message" => "float" }
}
}
output {
elasticsearch {
action => "index"
hosts => ['localhost:9200']
index => "alerts"
workers => 1
}
stdout {}
}

Error Message

[2018-01-31T11:40:09,441][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2018-01-31T11:40:09,448][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-01-31T11:40:09,907][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-01-31T11:40:10,148][FATAL][logstash.runner ] The given configuration is invalid. Reason: Expected one of #, => at line 13, column 16 (byte 248) after filter {
csv {
separator => ","
columns => [ "Date","Time","Block","Name","IP","Device","Sr.No","Alert Message" ]
}
mutate { merge

Any help - appreciated.
CS

Christian_Dahlqvist · January 31, 2018, 11:45am

Looks like Time is missing a closing ".

script007 · January 31, 2018, 11:50am

Thanks Christian,
I've added the ending ", still errors as below.
=====[2018-01-31T11:47:13,585][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2018-01-31T11:47:13,589][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2018-01-31T11:47:13,872][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-01-31T11:47:14,322][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9608}
[2018-01-31T11:47:14,406][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 13, column 16 (byte 248) after filter {\ncsv {\nseparator => ","\ncolumns => [ "Date","Time","Block","Name","IP","Device","Sr.No","Alert Message" ]\n}\nmutate { merge ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:42:in compile_ast'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:50:incompile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:54:in compile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:12:inblock in compile_sources'", "org/jruby/RubyArray.java:2486:in map'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:incompile_sources'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:107:in compile_lir'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:49:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:215:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:35:inexecute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:335:in block in converge_state'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:inwith_pipelines'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:332:in block in converge_state'", "org/jruby/RubyArray.java:1734:ineach'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:319:in converge_state'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:166:inblock in converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in with_pipelines'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:164:inconverge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:90:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:362:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}

Christian_Dahlqvist · January 31, 2018, 11:55am

The error message points you to the line. Looks like you also have a ==> instead of => which I did not spot before.

script007 · January 31, 2018, 12:04pm

Spot on... Christian
Both your suggestions are 100% ..
Appreciated your help
Have a good day.

Regards
CS

system · February 28, 2018, 12:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash:ERROR][logstash.config.sourceloader Logstash	6	1223	November 25, 2018
Logstash error in config file Logstash	8	22890	December 30, 2017
Unknown error - when using config file Logstash	4	585	January 2, 2019
Logstash.conf error Logstash	2	221	November 4, 2021
Error parsing logs in Logstash Logstash	3	785	April 3, 2018

Errors in while starting Logstash

I feel something is not right in my conf file. Ant help. I am not able to start this conf file. Conf File:

Related topics

I feel something is not right in my conf file. Ant help. I am not able to start this conf file.
Conf File: