Journalctl logstash has issue "logstash.service: main process exited, code=exited, status=1/FAILURE"

Halo

i want to ask something about my logstash configuration.
i've already installed logstash and giving some configure in

/etc/logstash/logstash-sample.conf

and for the configuration is

input {
beats {
port => 5044
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash.crt"
ssl_key => "/etc/pki/tls/private/logstash.key"
}
}

filter {
if [type] == "syslog" {
    grok {
        match => {
            "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
        }
        add_field => [ "received_at", "%{@timestamp}" ]
        add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
        match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
}
}

output {
elasticsearch {
    hosts => "100.100.200.151:9200"
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
}

The logstash work fine. and status logstash is active (running)

but when i check my log in

journalctl --unit logstash

its showing some error. so this is the log

-- Logs begin at Tue 2020-03-10 13:38:25 WIB, end at Tue 2020-03-10 15:49:53 WIB. --
Mar 10 14:34:18 monitoring systemd[1]: Started logstash.
Mar 10 14:34:43 monitoring logstash[10866]: Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
Mar 10 14:34:44 monitoring logstash[10866]: [2020-03-10T14:34:44,271][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/va
Mar 10 14:34:44 monitoring logstash[10866]: [2020-03-10T14:34:44,466][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue",
Mar 10 14:34:45 monitoring logstash[10866]: [2020-03-10T14:34:45,092][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.6.1"}
Mar 10 14:34:45 monitoring logstash[10866]: [2020-03-10T14:34:45,143][INFO ][logstash.agent           ] No persistent UUID file found. Generating new UUID {:uuid=>"296b
Mar 10 14:34:46 monitoring logstash[10866]: [2020-03-10T14:34:46,203][INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"/etc/
Mar 10 14:34:46 monitoring logstash[10866]: [2020-03-10T14:34:46,230][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
Mar 10 14:34:46 monitoring logstash[10866]: [2020-03-10T14:34:46,646][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
Mar 10 14:34:51 monitoring logstash[10866]: [2020-03-10T14:34:51,545][INFO ][logstash.runner          ] Logstash shut down.
Mar 10 14:34:51 monitoring systemd[1]: logstash.service: main process exited, code=exited, status=1/FAILURE
Mar 10 14:34:51 monitoring systemd[1]: Unit logstash.service entered failed state.
Mar 10 14:34:51 monitoring systemd[1]: logstash.service failed.
Mar 10 14:34:52 monitoring systemd[1]: logstash.service holdoff time over, scheduling restart.
Mar 10 14:34:52 monitoring systemd[1]: Stopped logstash.
Mar 10 14:34:52 monitoring systemd[1]: Started logstash.

i took the configuration from youtube. and on the video the journalctl was work fines, no showing any errors. anyone knows what happend?

Hi

The log you posted is truncated. Check the line where it says

No config files found in path {:path=>"/etc/

It seems logstash cannot find your .conf file.

In your otuput{} section, comment out the elasticsearch{} plugin and add a stdout{} line. Try again and see what you get.

Hope this helps.

HI jordi

Yes. it works thanks for the solution.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.