Logstash Config Error-JAVA

i have performing basic setup of logstash getting JAVA error. not able to complete the config test.

ERROR: Failed to load settings file from "path.settings". Aborting... path.setting=/etc/logstash/logstash.yml, exception=Java::JavaLang::RuntimeException, message=>Unhandled IOException: java.io.IOException: unhandled errno: Not a directory
[ERROR] 2018-03-26 01:42:49.137 [main] Logstash - java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit

This is my startup.config file for logstash

Override Java location



Set a home directory


logstash settings directory, the path which contains logstash.yml


Arguments to pass to logstash

LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"

Arguments to pass to java


pidfiles aren't used the same way for upstart and systemd; this is for sysv users.


user and group id to be invoked as


Enable GC logging by uncommenting the appropriate lines in the GC logging

section in jvm.options


Open file limit


Nice level

"startup.options" 55L, 1696C

you set the wrong config file for parameter path.setting!

In that param you need to set input\output config for logstash

path.setting =/etc/logstash/conf.d/*.conf

and create in folder /etc/logstash/conf.d/ file logstash.conf with input\output config!

logstash.yml sets for logstash in 2 ways:

  1. as a parameter commandline

  2. as a variable in startup.options file

    /# logstash settings directory, the path which contains logstash.yml

do you mean .

i have to provide the logstash.config file path here

Arguments to pass to logstash

LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"

because i have already created the conf.d folder and the .conf file is available in the folder
it works fine when i run the command /bin/logstash -f /etc/logstash/conf.d/logstash.conf

but logstash does not listen on port 5044 . so i looked at this error when i ran the command /usr/share/logstash/bin/logstash --path.settings /etc/logstash/logstash.yml -t

check rights for this config file with command ls -lh . -rw-rw---- for user logstash from group logstash.
(chown and chmod 660)
In some cases logstash cant read this file and goes down with errors

yea this is done. but i am not able to see logstash listening at 5044 port number.
any checks ???

i have tried alot making this logstash up . looking at basic structure to collect var log files from some 200 linux box machines

show your input and output logstash config, and show logstash log. If there any error on logstash start - it will be there.

for example i use winlogbeat and meticbeat for input, so i use:


input {
beats {
port => 5044

output {
elasticsearch {
hosts => ["xx.xx.xx.xx:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

so, after restart logstash service, if everything configured right, i use netstat -tulpn and see that
tcp6 0 0 :::5044 :::* LISTEN

can i use filebeat instead of metric beat ?
i want to basically capture the syslogs and auth.log files details from all 200 machines

metricbeat is gathering system info about CPU, RAM, HDD, LAN and etc usage, and processes on PC. It doesnt collect or send any logs.
WInlogbeat collects and sends windows system logs (application, security, system, setup or others)
So, if you want to collect Windows syslogs - better use Winlogbeat (because it has filters and thin configuration).
If you need some other logs from different apps - use Filebeat - it was made for it.

thanks for the info . how do i connect to elastic search cloud setup using local logstash server

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.