Logstash Configuration Error -**Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 14

priya1 · June 13, 2018, 12:31pm

Hi Team,

Please find the details below,

Code : input{
file {
path => "C:\Users\priya_shukla\Desktop\SAPLogsERR\test2.log"
start_position => "beginning"
sincedb_path => "C:\Users\priya_shukla\Downloads\logstash-6.2.4\logstash-6.2.4\logs\sincedb"
}
}
filter {
grok
{
match => [ "message", "%{DATA:date} %{DATA:timestamp}"]
}
mutate {
add_field => { "sap_process_time" ,"%{date} %{timestamp}" }
}
}
output{
csv{
fields => ["sap_process_time"]
path => "C:\Users\priya_shukla\Downloads\logstash-6.2.4\logstash-6.2.4\demo.csv"
}
}

Error :

[2018-06-13T17:57:18,047][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/modules/fb_apache/configuration"}
[2018-06-13T17:57:18,071][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/modules/netflow/configuration"}
[2018-06-13T17:57:18,339][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-06-13T17:57:19,231][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.2.4"}
[2018-06-13T17:57:20,219][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-06-13T17:57:21,019][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 14, column 44 (byte 347) after filter {\ngrok \n{\nmatch => [ "message", "%{DATA:date}\t%{DATA:timestamp}"]\n}\n\tmutate {\n\t add_field => { "sap_process_time" ", :backtrace=>["C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/compiler.rb:42:in compile_imperative'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/compiler.rb:50:incompile_graph'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/compiler.rb:12:in block in compile_sources'", "org/jruby/RubyArray.java:2486:inmap'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/compiler.rb:11:in compile_sources'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline.rb:51:ininitialize'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline.rb:169:in initialize'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/pipeline_action/create.rb:40:inexecute'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:315:in block in converge_state'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:141:inwith_pipelines'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:312:in block in converge_state'", "org/jruby/RubyArray.java:1734:ineach'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:299:in converge_state'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:166:inblock in converge_state_and_update'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:141:in with_pipelines'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:164:inconverge_state_and_update'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/agent.rb:90:in execute'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/logstash-core/lib/logstash/runner.rb:348:inblock in execute'", "C:/Users/priya_shukla/Downloads/logstash-6.2.4/logstash-6.2.4/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}

Kindly guide the solution or identify where the mistake is there .

Priya

Badger · June 13, 2018, 12:49pm

Should be

add_field => { "sap_process_time"  => "%{date} %{timestamp}" }

magnusbaeck · June 13, 2018, 1:39pm

grok
{
match => [ "message", "%{DATA:date} %{DATA:timestamp}"]
}
mutate {
add_field => { "sap_process_time" ,"%{date} %{timestamp}" }
}

What are you trying to do there? You're taking a string apart and putting it back together again.

system · July 11, 2018, 1:39pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Configuration Error (Failed to execute action) Logstash	4	10247	June 12, 2018
ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, { at line 24, column 7 Logstash	7	1228	April 23, 2019
Can you help me with Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError" problem? Logstash	3	601	August 15, 2019
Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 6, Logstash	4	3743	May 16, 2019
Failed to execute action Logstash	3	284	October 28, 2021

Logstash Configuration Error -**Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 14

Related Topics