Hi
I'm using logstash-6.5.0, following is cat /usr/local/logstash-6.5.0/config/logstash.conf
input
{
file {
path => "/usr/src/myprod/mylog.startup-1.0.0.log"
type => "logs"
start_position => "beginning"
}
}
filter
{
grok{
match => {
"message" => "%{COMBINEDAPACHELOG}"
}
}
mutate{
convert => { "bytes" => "integer" }
}
date {
match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
locale => en
remove_field => "timestamp"
}
geoip {
source => "clientip"
}
useragent {
source => "agent"
target => "useragent"
}
}
output
{
stdout {
codec => dots
}
output {
elasticsearch {
hosts => ["172.18.0.5:9200"]
index => "myprod"
}
}
executing bin/logstash -f config/logstash.conf (from /usr/local/logstash-6.5.0), will cause :
Sending Logstash logs to /usr/local/logstash-6.5.0/logs which is now configured via log4j2.properties
[2018-11-19T17:55:13,319][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/local/logstash-6.5.0/data/queue"}
[2018-11-19T17:55:13,326][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/local/logstash-6.5.0/data/dead_letter_queue"}
[2018-11-19T17:55:13,610][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-11-19T17:55:13,619][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.0"}
[2018-11-19T17:55:13,642][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"77e0fd7d-446e-4dd1-b2cd-6bb2264cf34f", :path=>"/usr/local/logstash-6.5.0/data/uuid"}
[2018-11-19T17:55:14,702][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 43, column 16 (byte 527) after output\n{\n\tstdout {\n\t\tcodec => dots\n\t}\n\n\toutput {\n\telasticsearch ", :backtrace=>["/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2486:inmap'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:149:ininitialize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline.rb:22:in initialize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline.rb:90:ininitialize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline_action/create.rb:42:in block in execute'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/agent.rb:92:inblock in exclusive'", "org/jruby/ext/thread/Mutex.java:148:in synchronize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/agent.rb:92:inexclusive'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline_action/create.rb:38:in execute'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/agent.rb:317:inblock in converge_state'"]}
[2018-11-19T17:55:14,942][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
Am I missing something here ??
THX