Hi,
I'm new on Elastic Stack but there is a problem with my logstash service.
Without any configuration (or with a basic configuration), there is a heavy CPU usage when i start logstash, my server hanging:
If i stop logstash, Load Average slow immediatly. I didn't touch any config file, and if i create a conf in conf.d, problem still here.
Versions:
CentOS Linux release 7.4.1708 (Core)
Logstash 5.6.3
Any idea?
Thanks! 
What do the Logstash logs show?
Same issue, somewhat disappointed that there isn't further activity here, since I too am on a bone-stock clean install of Cent 7 - updated to current and running oracle JVM 8 64-bit (also does the same on OpenJDK 8)
[2017-11-19T02:01:44,837][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[2017-11-19T02:01:44,840][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[2017-11-19T02:01:45,077][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2017-11-19T02:01:45,277][INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"/etc/logstash/conf.d/*.conf"}
[2017-11-19T02:01:45,355][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
This sequence keeps repeating.
Two worker threads, 200% CPU utilization. doesn't seem right since there's literally NO config, no input, nothing.
I have the same issue and also created a topic Logstash 6 not working after fresh service install
This behavior also occurs, when running logstash as service in Ubuntu.
Welp, simply enough, you gotta have a pipeline. You can't just have a fresh install and start it up and expect it to run quietly - it constantly checks for something to do and because there's no pipeline, logstash goes into an infinite loop of re-initializing - which consumes the entire CPU allocation.
I created a simple config to tail the /var/log/messages file and shove it into elasticsearch, and because obvious, logstash is running quietly and happily, sending my system log to elasticsearch.
May as well close.
I do think it's kind of strange for it to behave that way - it's not immediately obvious that one should have at least one working pipeline in place for it to just run quietly.
I'm still working through reading the reference docs, there is quite a lot to digest for a noob who has been spoiled by Splunk 
The high CPU is probably JRuby JIT compiling at startup.
If logstash starts without a pipeline, it exits. Then the service manager notices this and starts it. Until a config is found, this will repeat.
In LS 6 there are many potential sources of configs when none are specified with -f or -e on the command line.
logstash.yml
pipelines.yml
path.config in logstash.yml
config.string in logstash.yml
While the service continually restarts, one can fully edit any of the above settings and Logstash will just start working (if the config is found and is valid).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.