Logstash Configuration IlegalStateException

Tempy · May 24, 2018, 10:35am

Hello,

I ran

 /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/filebeat.conf --config.test_and_exit

and got this as an output

[FATAL] 2018-05-24 12:24:15.136 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, => at line 37, column 2 (byte 2020) after filter {
    grok
        {
        match => { "message" => [
        "Dienst %{WORD:service} wurde %{WORD:service_status}...",
        "Dienst %{WORD:service} %{WORD:status} bei Durchlauf: %{GREEDYDATA:error_description}",
        "PD-%{WORD:pd_service}: %{WORD:status} beim Modulaufruf durch %{NUMBER:job}. %{GREEDYDATA:error_description}",
        "PD-%{WORD:pd_service}: Jobdatei %{NUMBER:jobfile_number}.job wurde erfolgreich unter %{WINPATH:jobpath} gespeichert.",
        "PD-%{WORD:pd_service}: Entpacktes %{GREEDYDATA:description}",
        "PD-%{WORD:pd_service} XJDF: %{DATA:ptk_file}\ wurde erfolgreich generiert.",
        "PD-%{WORD:pd_service} XJDF: %{DATA:ptk_file}\ wurde erfolgreich in %{WORD:folder_type}: %{WINPATH:path} verschoben.",
        "PD-%{WORD:pd_service}: %{WINPATH:ptk_file_path} in %{WINPATH:path} entpackt.",
        "PD-%{WORD:pd_service}: %{DATA:file_type}\ %{WINPATH:ptk_file_path} umbenannt in %{DATA:ptk_file}",
        "PD-%{WORD:pd_service}: Datei %{DATA:xml_file}\ wurde erfolgreich nach %{WINPATH:xml_file_path} kopiert.",
        "PD-%{WORD:pd_service}: %{DATA:ptk_file}\ wurde nach %{WINPATH:path} kopiert.",
        "PD-%{WORD:pd_service}: %{WORD:file_type} %{DATA:jobfile}\ wurde erfolgreich erstellt.",
        "--------------------------------\| %{GREEDYDATA:input}\: %{DATA:zip_file}\ \|--------------------------------",
        "Dienst %{WORD:service}: Konfigdatei erfolgreich geladen.",
        "Dienst %{WORD:service} überwacht: %{GREEDYDATA:description}",
        "Dienst %{WORD:service} %{WORD:status} bei Initialisierung: %{GREEDYDATA:description}",
        "Dienst %{WORD:service} %{WORD:status} bei Statusabfrage: %{GREEDYDATA:description}",
        "PD-%{WORD:pd_service}: Bogen als SD-Satz erkannt und umgeleitet.",
        "PD-%{WORD:pd_service}: %{DATA:file_type}\ %{WINPATH:zip_file} %{DATA:status}, %{GREEDYDATA:error_description}",
        "%{GREEDYDATA:no_pattern}"]
        }
  mutate

[ERROR] 2018-05-24 12:24:15.144 [LogStash::Runner] Logstash - java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit

Some of the words in the Grok pattern are in German. I supose that the meaning is not relevant for this issue, so I just explain what they are for.
Right now the logs I am getting are pretty unstructured. So meanwhile I just want to know filenames, paths and the status which contains "Fehler" which means "Error".
The rest is basically words that each log line contains, which I use as keywords to match the pattern to, so that each log log line only matches one pattern.
I testet each pattern with a whole log containing all possible log lines with a grok debugger and they all worked.

I'm not sure what the error is, maybe it's just one syntax problem.
Can you help me out please?

magnusbaeck · May 24, 2018, 11:03am

It looks like there's a } missing before the next mutate filter.

Tempy · May 24, 2018, 11:31am

Sometimes it can be so easy.
Yes you are right, unfortunaetly I tried to figured out myself before I read your answer.

For everyone running into the same issue:
Visual Studio Code has an Logstash addon which you can use for creating configuration files.
It's easier to spot syntax errors as the characters get highlighted.

Thanks, you can close this one now.

system · June 21, 2018, 11:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.