Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main

BigAlbert · November 19, 2018, 6:04pm

Hi

I'm using logstash-6.5.0, following is cat /usr/local/logstash-6.5.0/config/logstash.conf
input
{
file {
path => "/usr/src/myprod/mylog.startup-1.0.0.log"
type => "logs"
start_position => "beginning"
}

}

filter
{
grok{
match => {
"message" => "%{COMBINEDAPACHELOG}"
}
}
mutate{
convert => { "bytes" => "integer" }
}
date {
match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
locale => en
remove_field => "timestamp"
}
geoip {
source => "clientip"
}
useragent {
source => "agent"
target => "useragent"
}
}

output
{
stdout {
codec => dots
}

    output {
    elasticsearch {
            hosts => ["172.18.0.5:9200"]
            index => "myprod"
    }

}

executing bin/logstash -f config/logstash.conf (from /usr/local/logstash-6.5.0), will cause :
Sending Logstash logs to /usr/local/logstash-6.5.0/logs which is now configured via log4j2.properties
[2018-11-19T17:55:13,319][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/usr/local/logstash-6.5.0/data/queue"}
[2018-11-19T17:55:13,326][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/usr/local/logstash-6.5.0/data/dead_letter_queue"}
[2018-11-19T17:55:13,610][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-11-19T17:55:13,619][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.5.0"}
[2018-11-19T17:55:13,642][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"77e0fd7d-446e-4dd1-b2cd-6bb2264cf34f", :path=>"/usr/local/logstash-6.5.0/data/uuid"}
[2018-11-19T17:55:14,702][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 43, column 16 (byte 527) after output\n{\n\tstdout {\n\t\tcodec => dots\n\t}\n\n\toutput {\n\telasticsearch ", :backtrace=>["/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2486:inmap'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:149:ininitialize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline.rb:22:in initialize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline.rb:90:ininitialize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline_action/create.rb:42:in block in execute'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/agent.rb:92:inblock in exclusive'", "org/jruby/ext/thread/Mutex.java:148:in synchronize'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/agent.rb:92:inexclusive'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/pipeline_action/create.rb:38:in execute'", "/usr/local/logstash-6.5.0/logstash-core/lib/logstash/agent.rb:317:inblock in converge_state'"]}
[2018-11-19T17:55:14,942][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Am I missing something here ??

THX

wwalker · November 19, 2018, 10:12pm

Hard to tell specifically where the error is pointing because your copy/pasted config isn't the same as what you are using. It's saying there's a problem on line 43 at character 16, but if I copy/paste your config into notepad++, it comes out to 39 lines.

However, if I had to guess, it's a problem with your output:

output {
  stdout {
    codec => dots
  }
  output {
    elasticsearch {
      hosts => ["172.18.0.5:9200"]
      index => "myprod"
    }
}

You're stating output nested inside another output. What you'd want to do is just list the output plugins one after the other like you do with your filter.

output {
  stdout {
    codec => dots
  }
  elasticsearch {
    hosts => ["172.18.0.5:9200"]
    index => "myprod"
  }
}

Christian_Dahlqvist · November 19, 2018, 10:30pm

You have an output block within an output block, probably due to a missing curly brace.

BigAlbert · November 20, 2018, 12:01pm

You werre right - Thx!!

system · December 18, 2018, 12:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError" Logstash	3	366	August 29, 2019
Failed to execute action error on windows Logstash	3	554	April 4, 2019
Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, ,, ] Logstash	4	2710	January 18, 2019
Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil} Logstash	6	12430	September 21, 2020
Failed to execute action : Logstash : Pipeline action create error Logstash	2	745	October 24, 2019

Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main

Related Topics