Getting error for sincedb_path in Windows 7

Hi,
My config is below:
input {
  file {
    path => "C:/Anuj/ElasticSearch/DMS_GTX-Process_Archive.log"
    start_position => "beginning"
    sincedb_path => "C:/dev/null/logdbpath.txt"
    sincedb_write_interval => 10
  }
}
filter {
  grok {
    match => { "message" => "%{SYSLOGTIMESTAMP :timestamp} GMT %{NUMBER:num} %{USERNAME:Application} User [%{USERNAME :BWuser}] - %{USERNAME :job} [(?[a-zA-Z0-9./\s]+)]:%{GREEDYDATA:Log}" }
  }
  geoip {
    source => "clientip"

I am getting the error below whether I use sincedb_path => "C:/dev/null/logdbpath.txt" or remove the sincedb_path, in Logstash 6.5.4 on Windows 7.
Below is the error in the console when I do not use sincedb_path:

Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<ArgumentError: The "sincedb_path" argument must point to a file, received a directory: "/dev/null">, :backtrace=>["C:/Anuj/ElasticSearch/logstash-6.5.4/vendor/bundle/jruby/2.3.0/gems/logstash-input-file-4.1.8/lib/logstash/inputs/file.rb:280:in `register'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:242:in `register_plugin'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:253:in `block in register_plugins'", "org/jruby/RubyArray.java:1734:in `each'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:253:in `register_plugins'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:396:in `start_inputs'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:294:in `start_workers'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:200:in `run'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:160:in `block in start'"], :thread=>"#<Thread:0x46a0759 run>"}
[2019-02-18T13:48:11,513][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
[2019-02-18T13:48:12,433][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

When I use sincedb_path I am getting the error below:
Error registering plugin {:pipeline_id=>"main", :plugin=>"<LogStash::Inputs::File start_position=>"beginning", path=>["C:\\Anuj\\ElasticSearch\\apache-daily-access.log"], id=>"9bcb27f7f5896ab49bb3f04a8e55bf2014c540b984adaa730cc5b1d4c818f56e", sincedb_path=>"/dev/null", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_4ab1ca26-a0af-4af3-938b-e2fcacdae12d", enable_metric=>true, charset=>"UTF-8">, stat_interval=>1.0, discover_interval=>15, sincedb_write_interval=>15.0, delimiter=>"\n", close_older=>3600.0, mode=>"tail", file_completed_action=>"delete", sincedb_clean_after=>1209600.0, file_chunk_size=>32768, file_chunk_count=>140737488355327, file_sort_by=>"last_modified", file_sort_direction=>"asc">", :error=>"The "sincedb_path" argument must point to a file, received a directory: "/dev/null"", :thread=>"#<Thread:0x345380c7 run>"}
[2019-02-18T12:02:31,119][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<ArgumentError: The "sincedb_path" argument must point to a file, received a directory: "/dev/null">, :backtrace=>["C:/Anuj/ElasticSearch/logstash-6.5.4/vendor/bundle/jruby/2.3.0/gems/logstash-input-file-4.1.8/lib/logstash/inputs/file.rb:280:in `register'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:242:in `register_plugin'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:253:in `block in register_plugins'", "org/jruby/RubyArray.java:1734:in `each'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:253:in `register_plugins'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:396:in `start_inputs'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:294:in `start_workers'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:200:in `run'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:160:in `block in start'"], :thread=>"#<Thread:0x345380c7 run>"}
[2019-02-18T12:02:31,152][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}

On Windows, if you do not want a persistent sincedb, set

sincedb_path => "NUL"

If you want a sincedb, I cannot think of a worse directory to place it in than C:/dev/null. It will confuse everyone. Just use the default location and remove the sincedb_path option.


Hi,
After changing the configuration to sincedb_path => "NUL"
I am getting the error below: #<ArgumentError: The "sincedb_path" argument must point to a file, received a directory: "/dev/null">
I am not able to see an index getting created in Elasticsearch.

Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2019-02-18T14:25:56,600][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost:9200"]}
[2019-02-18T14:25:56,628][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2019-02-18T14:25:56,691][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2019-02-18T14:25:56,964][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"C:/Anuj/ElasticSearch/logstash-6.5.4/vendor/bundle/jruby/2.3.0/gems/logstash-filter-geoip-5.0.3-java/vendor/GeoLite2-City.mmdb"}
[2019-02-18T14:25:57,535][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"<LogStash::Inputs::File start_position=>"beginning", path=>["C:\\Anuj\\ElasticSearch\\apache-daily-access.log"], id=>"9bcb27f7f5896ab49bb3f04a8e55bf2014c540b984adaa730cc5b1d4c818f56e", sincedb_path=>"/dev/null", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_a42f75ea-7ef8-4e8c-9a5e-631802da8388", enable_metric=>true, charset=>"UTF-8">, stat_interval=>1.0, discover_interval=>15, sincedb_write_interval=>15.0, delimiter=>"\n", close_older=>3600.0, mode=>"tail", file_completed_action=>"delete", sincedb_clean_after=>1209600.0, file_chunk_size=>32768, file_chunk_count=>140737488355327, file_sort_by=>"last_modified", file_sort_direction=>"asc">", :error=>"The "sincedb_path" argument must point to a file, received a directory: "/dev/null"", :thread=>"#<Thread:0x2ca871df run>"}
[2019-02-18T14:25:58,634][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<ArgumentError: The "sincedb_path" argument must point to a file, received a directory: "/dev/null">, :backtrace=>["C:/Anuj/ElasticSearch/logstash-6.5.4/vendor/bundle/jruby/2.3.0/gems/logstash-input-file-4.1.8/lib/logstash/inputs/file.rb:280:in `register'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:242:in `register_plugin'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:253:in `block in register_plugins'", "org/jruby/RubyArray.java:1734:in `each'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:253:in `register_plugins'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:396:in `start_inputs'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:294:in `start_workers'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:200:in `run'", "C:/Anuj/ElasticSearch/logstash-6.5.4/logstash-core/lib/logstash/pipeline.rb:160:in `block in start'"], :thread=>"#<Thread:0x2ca871df run>"}
[2019-02-18T14:25:58,663][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
[2019-02-18T14:25:59,429][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

Do you have a second configuration file in the directory that contains the configuration? If -f points to a directory logstash will concatenate all the files to create a configuration. So if you have test.conf and test.conf.backup it will read both.
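
An added example, not part of the original replies: a small Python check that lists every sincedb_path setting across all files in a config directory, in sorted order and regardless of extension, so a stray backup file still carrying "/dev/null" is easy to spot. The function names, the regular expression and the sample file contents are assumptions constructed for illustration; only the file names test.conf and test.conf.backup come from the reply above.

```python
import re
import tempfile
from pathlib import Path

# Matches: sincedb_path => "value"   (single or double quotes)
SINCEDB_RE = re.compile(r"""sincedb_path\s*=>\s*(["'])(.*?)\1""")


def effective_sincedb_settings(config_dir):
    """Return (file name, line number, value) for each sincedb_path found in
    any regular file of config_dir. Every file counts, whatever its extension,
    because a directory given to -f is concatenated as a whole."""
    findings = []
    for path in sorted(Path(config_dir).iterdir()):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            if line.lstrip().startswith("#"):
                continue  # skip commented-out settings
            for match in SINCEDB_RE.finditer(line):
                findings.append((path.name, lineno, match.group(2)))
    return findings


def unusable_on_windows(value):
    """'/dev/null' is rejected on Windows; the thread's replacement is "NUL"."""
    return value.strip() == "/dev/null"


# Constructed sample pipeline; SINCEDB is substituted per file in demo().
SAMPLE = 'input {\n  file {\n    path => "C:/logs/app.log"\n    sincedb_path => "SINCEDB"\n  }\n}\n'


def demo():
    """Build a constructed config directory with a leftover backup file."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "test.conf").write_text(SAMPLE.replace("SINCEDB", "NUL"))
        Path(tmp, "test.conf.backup").write_text(SAMPLE.replace("SINCEDB", "/dev/null"))
        return effective_sincedb_settings(tmp)


if __name__ == "__main__":
    for name, lineno, value in demo():
        flag = "  <-- not valid on Windows" if unusable_on_windows(value) else ""
        print(f"{name}:{lineno}: sincedb_path => {value!r}{flag}")
```
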

Thanks, it worked. I had another configuration file as well in the same location.
