Logstash cannot run config file on window

Elastic Stack Logstash
1

Dear All,

I try to run a config file in window but fail. As the log is very long, I attach some of the log. Please advice.

2018-09-10 16:47:45,885 main ERROR Null object returned for RollingFile in Appenders.
2018-09-10 16:47:45,885 main ERROR Null object returned for RollingFile in Appenders.
2018-09-10 16:47:45,885 main ERROR Null object returned for RollingFile in Appenders.
2018-09-10 16:47:45,885 main ERROR Null object returned for RollingFile in Appenders.
2018-09-10 16:47:45,885 main ERROR Unable to locate appender "plain_rolling" for logger config "root"
2018-09-10 16:47:45,885 main ERROR Unable to locate appender "plain_rolling_slowlog" for logger config "slowlog"
[2018-09-10T16:47:45,973][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"C:/ELK/logstash/modules/fb_apache/configuration"}
[2018-09-10T16:47:46,008][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"C:/ELK/logstash/modules/netflow/configuration"}
[2018-09-10T16:47:46,361][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
Configuration OK
[2018-09-10T16:47:55,227][INFO ][logstash.runner ] Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash

Thanks

2

Hi Peterch

You're trying to run a logstash on Windows, I presume? Please read your question before posting.

Can you supply us with the config file? So we understand what it is you are trying to do. Just post it in between a series of backticks "`" (three backticks to start, three to end), so there will be markup.

Thanks

3

Hi Johan,

sorry for the typo.

I just tried to run the command again through cmd in admin and the error are gone. It show another error. May I know how to fix it?

Error message
C:\ELK\logstash\bin>logstash -f "C:\ELK\logstash\config\blueliv_free.conf"
Sending Logstash's logs to C:/ELK/logstash/logs which is now configured via log4j2.properties
[2018-09-10T17:27:23,664][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"C:/ELK/logstash/modules/fb_apache/configuration"}
[2018-09-10T17:27:23,729][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"C:/ELK/logstash/modules/netflow/configuration"}
[2018-09-10T17:27:24,130][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-09-10T17:27:24,152][FATAL][logstash.runner ] Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple in
stances, you must change the "path.data" setting.
[2018-09-10T17:27:24,166][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit

config file
input {
blueliv {
api_url => "https://freeapi.blueliv.com"
http_timeout => 1000
api_key => "my key"
feeds => {
"attacks" => {
"active" => "true"
}
"botips" => {
"active" => "true"
}
"crimeservers" => {
"active" => "true"
"feed_type" => "recent"
}
"malwares" => {
"active" => "false"
}
}
}
}
output {
elasticsearch {
hosts => "1.1.1.1:9200"
index => "blueliv-%{@collection}"
manage_template => false
document_id => "%{document_id}"
}
}

Thanks

4

your error says

Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple in
stances, you must change the "path.data" setting.

So you already have a logstash process running. Maybe close all Java processes in process manager

5

Hi Johan,

I am not understand. Is that mean the config file cannot run because there is already a logstash which is running logstash.yml?

Thanks

6

yes it is

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.