Hi I am new to the ELK framework. Recently started to setup Logstash to parse them and push to elasticsearch.
But I am facing the following error everytime i try to run it with my conf file.
Tried a lot of options discussed in other threads but didnt helped.
My conf file is :
input {
file {
path => ["C:/var/logs/Debug_2019-02-06.00.log"]
}
}
filter {
grok{
patterns_dir => ["C:/HOMEWARE/ELK/logstash-6.6.0/patterns"]
match => ["message","%{CSTMDATE:loggedTime}%{SPACE}-%{SPACE}%{LOGLEVEL:logLevel}:%{GREEDYDATA:message}" ]
}
date {
match => [ "loggedTime", "yyyy-MM-dd HH:mm:ss.SSSS" ]
target => "loggedTime"
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
}
stdout { codec => rubydebug }
My Pattern file :
CSTMDATE (?>\d\d){1,2}-(?:0[1-9]|1[0-2])-(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]).(?:2[0123]|[01]?[0-9]):(?:[0-5][0-9]):(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)
Sample log I want to parse :
2019-02-05 02:00:00.0105 - INFO: Job Started Running for the date : 2/4/2019 2:00:00 AM
I always get the following error :
[2019-02-07T14:34:40,663][ERROR][logstash.pipeline ] Error registering plugin {:pipeline_id=>"main", :plugin=>"<LogStash::Inputs::File path=>["‪C:/var/logs/Debug_2019-02-06.00.log"], id=>"9b3b03f402ec598b32c86c8faa6efe8ae3a857189526f4fa2bf780987029126d", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_121be750-5188-419b-8588-dfd96f60c629", enable_metric=>true, charset=>"UTF-8">, stat_interval=>1.0, discover_interval=>15, sincedb_write_interval=>15.0, start_position=>"end", delimiter=>"\n", close_older=>3600.0, mode=>"tail", file_completed_action=>"delete", sincedb_clean_after=>1209600.0, file_chunk_size=>32768, file_chunk_count=>140737488355327, file_sort_by=>"last_modified", file_sort_direction=>"asc">", :error=>"no implicit conversion from nil to integer", :thread=>"#<Thread:0x79718eef run>"}
[2019-02-07T14:34:40,740][ERROR][logstash.pipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<TypeError: no implicit conversion from nil to integer>, :backtrace=>["org/jruby/RubyString.java:2995:in []'", "uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/pathname.rb:44:inchop_basename'", "uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/pathname.rb:240:in relative?'", "C:/HOMEWARE/ELK/logstash-6.6.0/vendor/bundle/jruby/2.3.0/gems/logstash-input-file-4.1.9/lib/logstash/inputs/file.rb:268:inblock in register'", "org/jruby/RubyArray.java:1734:in each'", "C:/HOMEWARE/ELK/logstash-6.6.0/vendor/bundle/jruby/2.3.0/gems/logstash-input-file-4.1.9/lib/logstash/inputs/file.rb:267:inregister'", "C:/HOMEWARE/ELK/logstash-6.6.0/logstash-core/lib/logstash/pipeline.rb:242:in register_plugin'", "C:/HOMEWARE/ELK/logstash-6.6.0/logstash-core/lib/logstash/pipeline.rb:253:inblock in register_plugins'", "org/jruby/RubyArray.java:1734:in each'", "C:/HOMEWARE/ELK/logstash-6.6.0/logstash-core/lib/logstash/pipeline.rb:253:inregister_plugins'", "C:/HOMEWARE/ELK/logstash-6.6.0/logstash-core/lib/logstash/pipeline.rb:396:in start_inputs'", "C:/HOMEWARE/ELK/logstash-6.6.0/logstash-core/lib/logstash/pipeline.rb:294:instart_workers'", "C:/HOMEWARE/ELK/logstash-6.6.0/logstash-core/lib/logstash/pipeline.rb:200:in run'", "C:/HOMEWARE/ELK/logstash-6.6.0/logstash-core/lib/logstash/pipeline.rb:160:inblock in start'"], :thread=>"#<Thread:0x79718eef run>"}
[2019-02-07T14:34:40,767][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
Please help me.