config file has 68 lines , but log stash is showing error in line number 69 . am not sure whether log stash is picking the config file.
log stash version used is 7.0 . please help.
P.S my previous config file was bigger , it had a else section in the out put. i removed just to identify whether there is really problem with line number 69
let me give some more info . below is the error we are getitng while "file beats" sends te log to the ELK server 2019-11-04T12:43:06.072Z ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://win000587.aze.michelin.com:5044)): dial tcp 10.221.100.180:5044: connectex: No connection could be made because the target machine actively refused it.
and to your question what comes after the password section
You initial post included a configuration and an error message. I am saying I cannot understand how that configuration could result in the error message that your post included.
there are two error message i posted . one i obtained in form the log stash log file . that is in the post itself.
the error message in the conversation thread is one more evidence i got from file beats .
am not saying that config file is one issue , am just posting what are all the facts i have . not sure still this error is because of config file or some thing else is the reason
even if i change the cofigration (like removing stdout , removing one more output section still the number of lines in the error was the same. ideally logstash service should pick the new file in $logshtash/bin/pipelines
*telnet to 5044 from beats server to logstash server is not working
If you get exception=>"LogStash::ConfigurationError" then the pipeline is not running, so I would not expect it to be listening on port 5044.
Try running with --config.debug --log.level debug --config.test_and_exit on the command line. The configuration will get printed out after a message that says [DEBUG][logstash.config.pipelineconfig] Merged config. Please post the configuration that gets printed.
That is a directory. logstash will concatenate all of the files in that directory to form the configuration. Every file. No exceptions. If there is a java heap dump in the directory then logstash will try to parse it as a configuration file.
So it merges those three files to form the configuration. The error is at line 68, which is in the first file. Adding quotes around the passwords in logstash - Copy.conf fixes the errors, but you probably want to move the backup files to a different directory.
If elasticsearch has set the index to be read-only by far the most common reason is that disk utilization reached 95%. Even if utilization comes back down the index will remain read-only.
When elasticsearch set the index to be read-only it will have logged the reason why. Check your elasticsearch logs.
Below is the elastic log . i did have a look at that . could not locate exactly where elastic is setting index to be read only elastic log
how ever some words here and there i can find . like ,
Desired survivor size 17432576 bytes, new threshold 1 (max 6)
age 1: 21928840 bytes, 21928840 total
in some lines above mentioned threshold is going up "6" . not sure whether that is the place where index is becoming read only.
also one observation , as the above logstash problem existed for more than a month , lots of logs have heaped under this index"totalexecution-2019" (which is the indexwe saw in the error). so we should take that also in account while zeroing the problem.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.