Hi Team,
I have an issue, in which the logstash is writing all the details into the "logstash.stdout" file. The file grows in time and consumes all the disk space[100GB], since we have 16 servers pushing all the log details. Additionally, since logstash writes all the log details in a stdout file, it consumes a huge amount of CPU resource. Easily goes 140% [We have 2 core]
I have tried removing the stdout block from the output section and still I can see the logs.
What I saw was that the agent.rb file appends the stdout block if the block does not exist!! I may be wrong in this. but some insight on this is really appreciated.
My main purpose is to stop the logstash doing any logs into the file, [Even if it has error, I do not need them] Since it is consuming a lot of CPU resources. Please suggest.
I have tried removing the stdout block from the output section and still I can see the logs.
I'm sure you still have a stdout output somewhere. If you're running Logstash out of /etc/logstash/conf.d, make sure there's nothing there (grep stdout /etc/logstash/conf.d/*). Logstash will parse all files in that directory.
What I saw was that the agent.rb file appends the stdout block if the block does not exist!!
Only if you're using -e with a string that contains no outputs.
Hi Magnus,
Thank you for the details. But unfortunately, that did not help. It looks like it was caching the config somewhere aswell. It was weird, but what can I say.
So I uninstalled the logstash and reinstalled it again. It has stopped logging all the logs in stdout log file. Then, the Kibana was getting stuck in the discovery screen. I refreshed the cache of the Elasticsearch, removed all the index, and even reinstalled the Elastic search. Nothing was helping in this case.
one last thing I saw was that the permission on the Kibana was not assigned to the kibana user and group. I changed kibana folder permission as [chown -R kibana:kibana kibana_folder] and then restarted the Kibana. It started working.
Hope this will help someone.
Logstash doesn't cache configuration anywhere. Next time you get a problem like this, start Logstash with --debug to get additional details about the configuration and from where it's loaded.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.