Hi,
We are trying to send Sensu events to Logstash using tcp handler but it doesn't seem to be working and it won't display the results to Kibana. We can't troubleshoot this properly because the logs in /var/log/logstash/logstash-plain.log isn't updating even if we try to restart the service (same issue w/ 78518). We are currently blocked in solving this issue so we'd appreciate if you can give us some advice on any misconfiguration and on how to troubleshoot and fix this. Thank you in advance!
# /etc/sensu/conf.d/check.json
{"checks": {
"CHECK": {
"type": "metric",
"command": "check-ports.rb -h 192.168.30.187 -p 3000,15672 -t 30",
"subscribers": ["ALL"],
"interval": 60,
"handlers": ["logstash"]
}
}
}
# /etc/sensu/conf.d/handler.json
{
"handlers": {
"logstash": {
"type": "tcp",
"socket": {
"host": "localhost",
"port": 5514
}
}
}
}
# /etc/logstash/conf.d/logstash.conf
input {
tcp {port => 5514
codec => json
}
}
filter {
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "%{[@metadata][sensu]}-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
# sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs to console
13:47:53.553 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
13:47:53.556 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
13:47:53.631 [[main]-pipeline-manager] WARN logstash.outputs.elasticsearch - Restored connection to ES instance {:url=>#<URI::HTTP:0x18ee27c5 URL:http://localhost:9200/>}
13:47:53.632 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Using mapping template from {:path=>nil}
13:47:53.800 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
13:47:53.804 [[main]-pipeline-manager] INFO logstash.outputs.elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>[#<URI::Generic:0x4837a52c URL://localhost:9200>]}
13:47:53.808 [[main]-pipeline-manager] INFO logstash.pipeline - Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250}
13:47:53.821 [[main]-pipeline-manager] INFO logstash.inputs.tcp - Automatically switching from json to json_lines codec {:plugin=>"tcp"}
13:47:53.824 [[main]-pipeline-manager] INFO logstash.inputs.tcp - Starting tcp input listener {:address=>"0.0.0.0:5514"}
13:47:53.832 [[main]-pipeline-manager] INFO logstash.pipeline - Pipeline main started
13:47:53.890 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
^C13:49:17.058 [SIGINT handler] WARN logstash.runner - SIGINT received. Shutting down the agent.
13:49:17.068 [LogStash::Runner] WARN logstash.agent - stopping pipeline {:id=>"main"}