Logstash 7.9 not writing to output file

Elastic Stack Logstash
#1

I have logstash 7.9 running in centos hosts. I'm facing a strange behavior.

Logstash is not writing to a file in the given path. I want to make sure logstash is working or not so I provided a path in output section but no luck

steps I made logstash to write into file:

  • provided /var/log/logstash directory in /etc/logstash/conf.d/messages.conf file
  • /var/log/logstash have 775 access and directory under logstash user
  • also tried by commenting the sincedb file and sincedb_path sections

questions on this issue:
How do we define the initial 0's in sincedb file im providing '0 0 0 0 0 0' initially but it is not working and I also removed the file to make logstash generate on it's own sincedb file but still not working

here is my config file

input {
  file {
    path => "/var/solr/logs/solr.log"
  }
}

filter {
  grok  {
    match =>  ["message", "%{TIMESTAMP_ISO8601:TSTAMP}%{SPACE}%{GREEDYDATA:LOG}"]
  }
}
output {

if ("_grokparsefailure" in [tags]) {
      file {
        path => "/opt/logstash/failure-log-data-%{+YYYY-MM-dd}"
      }
    } else {
  file {
     path => "/var/log/logstash/logs-messages.log"
  }
 }
}
#2

For debuging purposes try adding

input {
  file {
    path => "/var/solr/logs/solr.log"
    sincedb_path => "/dev/null"
  }
}

and add

The write the output to stdout...

output {

  stdout { codec => rubydebug }

if ("_grokparsefailure" in [tags]) {
      file {
        path => "/opt/logstash/failure-log-data-%{+YYYY-MM-dd}"
      }
    } else {
  file {
     path => "/var/log/logstash/logs-messages.log"
  }
 }
}

Then run manually from the command line... to see what you get...

you will need to specify

--path.settings (where the logstash.yml is) and -f the path to the config file...

#3

Hello Brown,

Thank you for the answer.

I noticed a strange behaviour in logstash 7.9. when I run the config file manually from command line logstash started writing to sincedb file. I started normally many times before running manually but it didn't pick the file. after running config files manually I restarted logstash then it started picking sincedb file not it is working fine.

I didn't check the config earlier manually because when i check in the logstash log file with trace it is validated without any issues.