I installed and configured ELK in a CentOS environment.
I have been using the following command to run logstash in the foreground and it works perfectly.
Now I want to implement it into the production environment and hence I would like to run the logstash service in the background by which I did tried to run it with
But logstash doesn't seem to work if I am not running it in the foreground and there's also no log generated as well if I run with systemctl start logstash.
Another thing is that I have also made some changes to the default logstash.yml file to increase the batch.size, batch.delay and etc but logstash doesn't capture the changes when I run ./usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf.
I have been trying to solve this for the past few days and I need help on this. Thank you so much.
If it works when you start it like that, but not as a service, it might be a permissions issue, e.g. your log directory being writable by root, but not by the Logstash user.
I would use chown -R on the relevant folders to make sure that really no file is forgotten, try it again and check the logstash log directory and syslog. But if it really doesn't say anything anywhere, it's difficult to debug.
Maybe you could run sudo -u logstash /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf. If that works, it's probably something about the config, not the user, that keeps it from working?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
