I have installed ELK version 5.4.1. Everything went well but for some reason, filebeat cannot send logs to logstash.
2017-06-14T13:59:57+03:00 INFO No non-zero metrics in the last 30s
2017-06-14T14:00:27+03:00 INFO No non-zero metrics in the last 30s
2017-06-14T14:00:46+03:00 ERR Connecting error publishing events (retrying): dial tcp [::1]:5044: getsockopt: connection refused
2017-06-14T14:00:57+03:00 INFO No non-zero metrics in the last 30s
2017-06-14T14:01:27+03:00 INFO No non-zero metrics in the last 30s
2017-06-14T14:01:46+03:00 ERR Connecting error publishing events (retrying): dial tcp [::1]:5044: getsockopt: connection refused
2017-06-14T14:01:57+03:00 INFO No non-zero metrics in the last 30s
2017-06-14T14:02:27+03:00 INFO No non-zero metrics in the last 30s
2017-06-14T14:02:46+03:00 ERR Connecting error publishing events (retrying): dial tcp [::1]:5044: getsockopt: connection refused
2017-06-14T14:02:57+03:00 INFO No non-zero metrics in the last 30s
To add to that, Logstash is not listening on any port. I expected it to listen on port 5044 as configured in the filebeat.yml file.
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]
  bulk_max_size: 2048
  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
Here is the log from /var/log/logstash/logstash-plain.log
[2017-06-14T14:53:07,758][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/var/lib/logstash/queue" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:433:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:216:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:132:in `validate_all'", "org/jruby/RubyHash.java:1342:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:131:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:217:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:185:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
[2017-06-14T14:53:37,542][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/var/lib/logstash/queue" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:433:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:216:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:132:in `validate_all'", "org/jruby/RubyHash.java:1342:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:131:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:217:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:185:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
As the error message indicates, Logstash doesn't start up, but your log snippet is incomplete. If you look in your log, what comes after :error=># on the first line?
Please post your Logstash configuration as requested earlier.
@magnusbaeck I took a screenshot because the text after :error=> and before :backtrace=> was getting omitted upon pasting in the editor... Anyhow, yes, /var/lib/logstash/queue is writeable only to the user, in this case, root.
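Added example, not part of the thread: a small Python parser that pulls the error class, message and offending path out of Logstash FATAL lines like the ones quoted above, so the part between :error=> and :backtrace=> is not lost when sharing the log. The sample lines are constructed from the format shown in the thread with the backtrace shortened, and the function names are hypothetical.

```python
import os
import re
import stat
from collections import Counter

# Constructed sample input: two FATAL lines in the format shown in the thread
# (backtrace shortened) and one constructed INFO line.
_ERR = ('An unexpected error occurred! {:error=>#<ArgumentError: Path '
        '"/var/lib/logstash/queue" must be a writable directory. It is not '
        'writable.>, :backtrace=>["logstash-core/lib/logstash/settings.rb:433"]}')
SAMPLE = [
    "[2017-06-14T14:53:07,758][FATAL][logstash.runner ] " + _ERR,
    "[2017-06-14T14:53:37,542][FATAL][logstash.runner ] " + _ERR,
    "[2017-06-14T14:53:40,000][INFO ][logstash.agent ] constructed line",
]

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[[^\]]+\]\s*(?P<msg>.*)$")
ERROR_RE = re.compile(r":error=>#<(?P<cls>[\w:]+): (?P<text>.*?)>, :backtrace=>")
PATH_RE = re.compile(r'Path "(?P<path>[^"]+)" must be a writable directory')


def parse_fatal(line):
    """Return timestamp, error class, text and path of a FATAL line, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("level") != "FATAL":
        return None
    err = ERROR_RE.search(m.group("msg"))
    cls, text = (err.group("cls"), err.group("text")) if err else (None, m.group("msg"))
    path = PATH_RE.search(text)
    return {"ts": m.group("ts"), "cls": cls, "text": text,
            "path": path.group("path") if path else None}


def summarize(lines):
    """Collapse repeated FATAL entries into (class, text, path) -> count."""
    counts = Counter()
    for rec in filter(None, map(parse_fatal, lines)):
        counts[(rec["cls"], rec["text"], rec["path"])] += 1
    return counts


if __name__ == "__main__":
    for (cls, text, path), n in summarize(SAMPLE).items():
        print(f"{n}x {cls}: {text}")
        if path and os.path.isdir(path):
            # Show owner and mode to compare with the account Logstash runs as.
            st = os.stat(path)
            print(f"  {path} uid={st.st_uid} gid={st.st_gid} {stat.filemode(st.st_mode)}")
```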