Logstash 5.0.0-alpha4 installation and configuration problem

abu.sayeed · August 1, 2016, 7:36am

System OS: Ubuntu 14.04.4 LTS
#java -version:
java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

I install Logstash just following 3 command:
#wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
#echo "deb https://packages.elastic.co/logstash/5.0/debian stable main" | sudo tee -a /etc/apt/sources.list
#apt-get update && apt-get install logstash

Reply:
Selecting previously unselected package logstash.
(Reading database ... 105309 files and directories currently installed.)
Preparing to unpack .../logstash_1%3a5.0.0~alpha4-1_all.deb ...
Unpacking logstash (1:5.0.0~alpha4-1) ...
Setting up logstash (1:5.0.0~alpha4-1) ...
Using provided startup.options file: /etc/logstash/startup.options
Sending all logs to /tmp/tmp.v9CVeNj21D
Successfully created system startup script for Logstash

But I don't see logstash auto script file in /etc/init.d/ directory

I enter /usr/share/logstash directory and command this

bin/logstash -e 'input { stdin { } } output { stdout {} }'

Reply:
--- jar coordinate com.fasterxml.jackson.core:jackson-annotations already loaded with version 2.7.1 - omit version 2.7.0
--- jar coordinate com.fasterxml.jackson.core:jackson-databind already loaded with version 2.7.1 - omit version 2.7.1-1
Logstash has a new settings file which defines start up time settings. This file is typically located in $LS_HOME/config or /etc/logstash. If you installed Logstash through a package and are starting it manually please specify the location to this settings file by passing in "--path.settings=/path/.." in the command line options {:level=>:warn}
Failed to load settings file from "path.settings". Aborting... {"path.settings"=>"/usr/share/logstash/config", "exception"=>Errno::ENOENT, "message"=>"No such file or directory - /usr/share/logstash/config/logstash.yml", :level=>:fatal}

cd /usr/share/logstash/bin/

./logstash
same reply

./system-install

Sending all logs to /tmp/tmp.4R6kewbM4r
Successfully created system startup script for Logstash

cat /var/log/logstash/logstash.log

{:timestamp=>"2016-08-01T12:41:57.063000+0600", :message=>"SIGTERM received. Shutting down the agent.", :level=>:warn}
{:timestamp=>"2016-08-01T12:41:57.072000+0600", :message=>"stopping pipeline", :id=>"main", :level=>:warn}
{:timestamp=>"2016-08-01T12:41:57.750000+0600", :message=>"Pipeline main has been shutdown"}
{:timestamp=>"2016-08-01T12:43:00.610000+0600", :message=>"Pipeline main started"}

#cat /var/log/logstash/logstash.err
--- jar coordinate com.fasterxml.jackson.core:jackson-annotations already loaded with version 2.7.1 - omit version 2.7.0
--- jar coordinate com.fasterxml.jackson.core:jackson-databind already loaded with version 2.7.1 - omit version 2.7.1-1

#cat /var/log/logstash/logstash.stdout
{:timestamp=>"2016-08-01T12:42:58.711000+0600", :message=>"Logstash has a new settings file which defines start up time settings. This file is typically located in $LS_HOME/config or /etc/logstash. If you installed Logstash through a package and are starting it manually please specify the location to this settings file by passing in "--path.settings=/path/.." in the command line options", :level=>:warn}
{:timestamp=>"2016-08-01T12:42:58.725000+0600", :message=>"Failed to load settings file from "path.settings". Aborting...", "path.settings"=>"/usr/share/logstash/config", "exception"=>Errno::ENOENT, "message"=>"No such file or directory - /usr/share/logstash/config/logstash.yml", :level=>:fatal}

my logstash configuration file
#vim /etc/logstash/conf.d/02-beats-input.conf
input {

beats {

port => 5044

ssl => true

ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"

ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"

}

#vim /etc/logstash/conf.d/10-syslog-filter.conf
filter {

if [type] == "syslog" {

grok {

  match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }

  add_field => [ "received_at", "%{@timestamp}" ]

  add_field => [ "received_from", "%{host}" ]

}

syslog_pri { }

date {

  match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]

}

}

#vim /etc/logstash/conf.d/30-elasticsearch-output.conf
output {

elasticsearch {

hosts => ["localhost:9200"]

sniffing => true

manage_template => false

index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

document_type => "%{[@metadata][type]}"

}

what is my wrong?

Anybody help me kindly

theuntergeek · August 1, 2016, 4:16pm

The startup files are auto-generated, and detect the system startup style automatically. See Running Logstash as a Service on Debian or RPM | Logstash Reference [5.0] | Elastic

Chillmen · August 1, 2016, 9:43pm

I get the same message while testing logstash, I tried it on CentOS 7 and Ubuntu 14.04.
it also takes a long time to show the error message.
if i run logstash 2.x it runs fine.
I installed mine from rpm for cent os and yum with ubuntu.
I'll try the tar file next.

abu.sayeed · August 2, 2016, 6:22am

yes Now Logstash auto start ok. but when I run Logstash with the -f flag to pass in the configuration file

#bin/logstash -f logstash-apache.conf
or
#/usr/share/logstash/bin/logstash -f logstash-apache.conf
it reply:

--- jar coordinate com.fasterxml.jackson.core:jackson-annotations already loaded with version 2.7.1 - omit version 2.7.0
--- jar coordinate com.fasterxml.jackson.core:jackson-databind already loaded with version 2.7.1 - omit version 2.7.1-1
Logstash has a new settings file which defines start up time settings. This file is typically located in $LS_HOME/config or /etc/logstash. If you installed Logstash through a package and are starting it manually please specify the location to this settings file by passing in "--path.settings=/path/.." in the command line options {:level=>:warn}
Failed to load settings file from "path.settings". Aborting... {"path.settings"=>"/usr/share/logstash/config", "exception"=>Errno::ENOENT, "message"=>"No such file or directory - /usr/share/logstash/config/logstash.yml", :level=>:fatal}

Thanks

AJ_2 · August 5, 2016, 1:48pm

I managed to run it by creating an empty settings file and adding the --path.setting option.

sudo touch /usr/share/logstash/logstash.yml
sudo /usr/share/logstash/bin/logstash -path.settings="/usr/share/logstash/" -f "/path/to/connfig.conf"

theuntergeek · August 5, 2016, 3:31pm

I recommend not using an empty logstash.yml, as it will be harder to change anything from the default. If you installed via an RPM/DEB (and the /usr/share/logstash path is a giveaway there), then the default is in /etc/logstash/logstash.yml. You should copy that and edit accordingly.

AJ_2 · August 5, 2016, 4:19pm

Ok, thank you.