Help with Logstash conf

Faenor2105 · March 27, 2018, 12:07pm

Hi there. I'm new in ELK theme.
Can you help me to make right logstash config file? Right now i have many errors like this:

[2018-03-27T11:27:37,900][ERROR][logstash.filters.grok    ] Unknown setting 'pattern' for grok
[2018-03-27T11:27:37,978][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Something is wrong with your configuration.", :backtrace=>["/opt/bitnami/logstash/logstash-core/lib/logstash/config/mixin.rb:89:in `config_init'", "/opt/bitnami/logstash/logstash-core/lib/logstash/filters/base.rb:128:in `initialize'", "/opt/bitnami/logstash/logstash-core/lib/logstash/filter_delegator.rb:22:in `initialize'", "/opt/bitnami/logstash/logstash-core/lib/logstash/plugins/plugin_factory.rb:87:in `plugin'", "/opt/bitnami/logstash/logstash-core/lib/logstash/pipeline.rb:112:in `plugin'", "(eval):12:in `<eval>'", "org/jruby/RubyKernel.java:994:in `eval'", "/opt/bitnami/logstash/logstash-core/lib/logstash/pipeline.rb:84:in `initialize'", "/opt/bitnami/logstash/logstash-core/lib/logstash/pipeline.rb:169:in `initialize'", "/opt/bitnami/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:40:in `execute'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:315:in `block in converge_state'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:312:in `block in converge_state'", "org/jruby/RubyArray.java:1734:in `each'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:299:in `converge_state'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:166:in `block in converge_state_and_update'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:164:in `converge_state_and_update'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:90:in `execute'", "/opt/bitnami/logstash/logstash-core/lib/logstash/runner.rb:348:in `block in execute'", "/opt/bitnami/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}

here is my config file:
input {
file {
type => "Wildfly"
path => ["/opt/bitnami/logstash/tmp/.txt" ]
exclude => [ ".gz", ".zip", ".rar" ]
start_position => "end"
stat_interval => 1
discover_interval => 30
}
}
filter {
grok {
type => "Wildfly"
patterns_dir => "/opt/bitnami/logstash/patterns/"
pattern => "%{NUMBER:size} %{TIMESTAMP:time} %{WORD:TYPE} %{WORD:Message}"
}
}
output
{

    elasticsearch
    {
        hosts => ["localhost:9200"]
        document_id => "%{logstash_checksum}"
        index => "logstash-%{+YYYY.MM.dd}"
    }
            
}

and here is example of log file, which i need to parse into elasticsearch and Kibana

<20136> <2018.01.24 00:07:06:16> <INFO> app version: 1.0.4
<20143> <2018.01.24 00:07:06:16> <INFO> Running reports test: FO_002_028_report_Comparsion (name) (002)
<20150> <2018.01.24 00:07:06:16> <INFO> decriptor of report: uuid=debe5c84-b0bd-4fc6-aa0a-b33869d430d7, version=07.03.2016 10.23.14.520
<20190> <2018.01.24 00:07:06:16> <INFO> parametr mobileConfig=undefined
<20229> <2018.01.24 00:07:06:16> <INFO> loading http://budget.ru/static-report/web/report-desktop-war.html?reportId=debe5c84-b0bd-4fc6-aa0a-b33869d430d7&version=07.03.2016%2010.23.14.520&device=Desktop&debug=true
<20236> <2018.01.24 00:07:06:16> <INFO> Creating frame
<20437> <2018.01.24 00:07:36:136> <ERROR> WRFT-0008. Error for WebReports.

Using Bitnami "ELK 6.2.2-0"
Please help me! I understand, what for many of you it's should be very easy... But i need help and i will learn. And sorry for my English too)

rcowart · March 27, 2018, 12:37pm

When you get errors like this, it is good to double-check the docs...
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html

Your error is Unknown setting 'pattern'

pattern is not a valid attribute. You need match
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html#plugins-filters-grok-match

Faenor2105 · March 27, 2018, 1:10pm

Thank you Robert, i deleted "pattern" and updated grok filter. Now it looks like this:
filter {
grok {
match => { "message" => "%{NUMBER:size} %{WORD:TYPE} %{WORD:Message}" }
}
}

With this command "logstash -f /opt/bitnami/logstash/conf/systemLog.conf" i didn't receive any errors.
One more question!
Please help me to build good working filter for my local logs to catch errors?

system · April 24, 2018, 1:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash configuration file error filtering Logstash	6	1245	February 27, 2019
Works in Grok Debugger but not in logstash config file Logstash	2	515	January 8, 2019
Something is wrong with you config Logstash	4	390	July 8, 2019
Issue while starting logstash Logstash	3	757	March 7, 2019
Logstash goes wrong after add filter Logstash	27	1899	August 18, 2021

Help with Logstash conf

Related topics