Logstash 7.5.0 configuration error

Elastic Stack Logstash
1

Hi I'm new to ELK and I want to connect Logstash to Elasticsearch, but my data doesn't go to Elasticsearch. Everytime I try to run Logstash I get an error.

[2019-12-03T16:14:10,102][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.5.0"}
[2019-12-03T16:14:11,788][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [ \t\r\n], "#", "input", "filter", "output" at line 2, column 1 (byte 2) after \n", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:in compile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2584:in map'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:156:in initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:326:in block in converge_state'"]}
[2019-12-03T16:14:12,317][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-12-03T16:14:17,243][INFO ][logstash.runner ] Logstash shut down.

This is the config file I use, I can't seem to find what is wrong.

input {
file {
path => "/var/log/customapacheacceslog"
start_postition => "beginning"
}
}

filter {
mutate { replace => { "type" => "apache_access" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
}
stdout { codec => rubydebug }
}

Hope to hear from you guys!

2

Try running with --config.debug --log.level debug --config.test_and_exit on the command line. That will show you each file that it is loading as part of the configuration, and it will show you the merged configuration. You can then identify where line 2 is coming from.

4

Hi Badger,

Thanks for the help!
I worked, Logstash is running now! :slight_smile:

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.