Logstash-2.0 issue with stdout | help required


(pramod) #1

Hi Team,
I have an issue, in which the logstash is writing all the details into the "logstash.stdout" file. The file grows in time and consumes all the disk space[100GB], since we have 16 servers pushing all the log details. Additionally, since logstash writes all the log details in a stdout file, it consumes a huge amount of CPU resource. Easily goes 140% [We have 2 core]

Logstash version: logstash-2.0.0-1.noarch
Operating System: RHEL 6

I have tried removing the stdout block from the output section and still I can see the logs.
What I saw was that the agent.rb file appends the stdout block if the block does not exist!! I may be wrong in this. but some insight on this is really appreciated.
My main purpose is to stop the logstash doing any logs into the file, [Even if it has error, I do not need them] Since it is consuming a lot of CPU resources. Please suggest.

Kind regards,
Pramod


(Magnus Bäck) #2

I have tried removing the stdout block from the output section and still I can see the logs.

I'm sure you still have a stdout output somewhere. If you're running Logstash out of /etc/logstash/conf.d, make sure there's nothing there (grep stdout /etc/logstash/conf.d/*). Logstash will parse all files in that directory.

What I saw was that the agent.rb file appends the stdout block if the block does not exist!!

Only if you're using -e with a string that contains no outputs.


(pramod) #3

Hi Magnus,
Thank you for the details. But unfortunately, that did not help. It looks like it was caching the config somewhere aswell. It was weird, but what can I say.
So I uninstalled the logstash and reinstalled it again. It has stopped logging all the logs in stdout log file. Then, the Kibana was getting stuck in the discovery screen. I refreshed the cache of the Elasticsearch, removed all the index, and even reinstalled the Elastic search. Nothing was helping in this case.

one last thing I saw was that the permission on the Kibana was not assigned to the kibana user and group. I changed kibana folder permission as [chown -R kibana:kibana kibana_folder] and then restarted the Kibana. It started working.
Hope this will help someone.

Kind regards,
Pramod


(Magnus Bäck) #4

Logstash doesn't cache configuration anywhere. Next time you get a problem like this, start Logstash with --debug to get additional details about the configuration and from where it's loaded.


(system) #5