Logstash configtest error

dogelorde · July 1, 2016, 2:56pm

Running an ELK Stack on Ubuntu Server 16 - Logstash 2.2.4 service is active, so it seems to load fine. When I run "sudo service logstash configtest", my output is this:
Error: Expected one of #, input, filter, output at line 1, column 1 (byte 1) after {:level=>:error}

02-file-input.conf
input {
file {
path => [ "var/log/syslog.log" ]
type => "syslog"
}
}
10-syslog-filter.conf
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
30-elasticsearch-output.conf
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

I'm thinking this is why I can't create a logstash index in Kibana (Unable to fetch mapping. Do you have any indices matching the pattern?)

dogelorde · July 1, 2016, 4:51pm

Solved this by combining all config files into one file "syslog-elasticsearch.conf" and placing it in /etc/logstash/conf.d/syslog-elasticsearch.conf

Now when I run service logstash configtest, I get configuration OK. Kibana was able to create an index pattern.

Topic		Replies	Views
Logstash Configuration Error Logstash	3	835	July 13, 2017
Logstash configtest Failing Logstash	2	961	July 6, 2017
Logstash ConfigurationError Logstash	5	428	December 16, 2022
Simple logstash for syslog and apache error Logstash	4	948	July 6, 2017
Logstash configuration file error Logstash	3	276	April 20, 2018

Logstash configtest error

Related topics