Logstash - Agent Failing to execute Actions

Hey Everyone,

I'm currently trying to load some .csv data into my Elasticsearch/Kibana by using logstash. At this current time I'm getting the following error when I'm trying to load my data.
[WARN ] 2019-03-02 18:52:48.499 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-03-02 18:52:48.515 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.6.1"}
[ERROR] 2019-03-02 18:52:54.711 [Converge PipelineAction::Create] file - Unknown setting 'start' for file

[ERROR] 2019-03-02 18:31:46.195 [Converge PipelineAction::Create] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Something is wrong with your configuration.", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/mixin.rb:86:in config_init'", "/usr/share/logstash/logstash-core/lib/logstash/inputs/base.rb:60:ininitialize'", "org/logstash/plugins/PluginFactoryExt.java:251:in plugin'", "org/logstash/plugins/PluginFactoryExt.java:181:inplugin'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:71:in plugin'", "(eval):8:in'", "org/jruby/RubyKernel.java:994:in eval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:49:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:90:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:43:inblock in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:94:in block in exclusive'", "org/jruby/ext/thread/Mutex.java:148:insynchronize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:94:in exclusive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:39:inexecute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:327:in `block in converge_state'"]}
[INFO ] 2019-03-02 18:31:46.714 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

As some more background, here is my current .config that I'm using.

input {
file {
path => "/home/elaver/Downloads/nmaptocsv/ElliottsNmap.csv"
start => "Start"
sincedb_path => "/dev/null"
}
}
filter {
csv {
seperator => ","
columns => ["IP","FQDN","PORT","PROTOCOL","SERVICE","VERSION","OS"]
}
}
output {
elasticsearch {
hosts => "http://localhost:9200"
index => "PublicES"
}
stdout {}
}

These are my current version's that Im using for all 3.

elasticsearch 6.6.1-1
logstash 6.6.1-1
kibana 6.6.1-1

Hopefully this helps, if you need any more info from me feel free to give me a shout and thanks again for giving me a hand in advance.

That should be start_position => "beginning"

Thank you, have changed around my conf file.

Still getting the below.

[elaver@yukkisyukkis logstash]$ sudo /usr/share/logstash/bin/logstash -f /etc/logstash/logstash_ES.conf
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2019-03-03 02:05:01.954 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-03-03 02:05:01.974 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.6.1"}
[ERROR] 2019-03-03 02:05:08.521 [Converge PipelineAction::Create] csv - Unknown setting 'seperator' for csv
[ERROR] 2019-03-03 02:05:08.554 [Converge PipelineAction::Create] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Something is wrong with your configuration.", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/mixin.rb:86:in config_init'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:126:ininitialize'", "org/logstash/plugins/PluginFactoryExt.java:70:in filter_delegator'", "org/logstash/plugins/PluginFactoryExt.java:244:inplugin'", "org/logstash/plugins/PluginFactoryExt.java:181:in plugin'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:71:inplugin'", "(eval):12:in <eval>'", "org/jruby/RubyKernel.java:994:ineval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:49:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:90:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:43:in block in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:94:inblock in exclusive'", "org/jruby/ext/thread/Mutex.java:148:in synchronize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:94:inexclusive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:39:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:327:inblock in converge_state'"]}
[INFO ] 2019-03-03 02:05:09.029 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

It should be separator.

Thanks Badger, it was staring me in the face the entire time.

Solution marked and thread can be locked.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.