Logstash Configuration IlegalStateException

Elastic Stack Logstash
1

Hello,

I ran

 /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/filebeat.conf --config.test_and_exit

and got this as an output

[FATAL] 2018-05-24 12:24:15.136 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, => at line 37, column 2 (byte 2020) after filter {
    grok
        {
        match => { "message" => [
        "Dienst %{WORD:service} wurde %{WORD:service_status}...",
        "Dienst %{WORD:service} %{WORD:status} bei Durchlauf: %{GREEDYDATA:error_description}",
        "PD-%{WORD:pd_service}: %{WORD:status} beim Modulaufruf durch %{NUMBER:job}. %{GREEDYDATA:error_description}",
        "PD-%{WORD:pd_service}: Jobdatei %{NUMBER:jobfile_number}.job wurde erfolgreich unter %{WINPATH:jobpath} gespeichert.",
        "PD-%{WORD:pd_service}: Entpacktes %{GREEDYDATA:description}",
        "PD-%{WORD:pd_service} XJDF: %{DATA:ptk_file}\ wurde erfolgreich generiert.",
        "PD-%{WORD:pd_service} XJDF: %{DATA:ptk_file}\ wurde erfolgreich in %{WORD:folder_type}: %{WINPATH:path} verschoben.",
        "PD-%{WORD:pd_service}: %{WINPATH:ptk_file_path} in %{WINPATH:path} entpackt.",
        "PD-%{WORD:pd_service}: %{DATA:file_type}\ %{WINPATH:ptk_file_path} umbenannt in %{DATA:ptk_file}",
        "PD-%{WORD:pd_service}: Datei %{DATA:xml_file}\ wurde erfolgreich nach %{WINPATH:xml_file_path} kopiert.",
        "PD-%{WORD:pd_service}: %{DATA:ptk_file}\ wurde nach %{WINPATH:path} kopiert.",
        "PD-%{WORD:pd_service}: %{WORD:file_type} %{DATA:jobfile}\ wurde erfolgreich erstellt.",
        "--------------------------------\| %{GREEDYDATA:input}\: %{DATA:zip_file}\ \|--------------------------------",
        "Dienst %{WORD:service}: Konfigdatei erfolgreich geladen.",
        "Dienst %{WORD:service} überwacht: %{GREEDYDATA:description}",
        "Dienst %{WORD:service} %{WORD:status} bei Initialisierung: %{GREEDYDATA:description}",
        "Dienst %{WORD:service} %{WORD:status} bei Statusabfrage: %{GREEDYDATA:description}",
        "PD-%{WORD:pd_service}: Bogen als SD-Satz erkannt und umgeleitet.",
        "PD-%{WORD:pd_service}: %{DATA:file_type}\ %{WINPATH:zip_file} %{DATA:status}, %{GREEDYDATA:error_description}",
        "%{GREEDYDATA:no_pattern}"]
        }
  mutate

[ERROR] 2018-05-24 12:24:15.144 [LogStash::Runner] Logstash - java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit

Some of the words in the Grok pattern are in German. I supose that the meaning is not relevant for this issue, so I just explain what they are for.
Right now the logs I am getting are pretty unstructured. So meanwhile I just want to know filenames, paths and the status which contains "Fehler" which means "Error".
The rest is basically words that each log line contains, which I use as keywords to match the pattern to, so that each log log line only matches one pattern.
I testet each pattern with a whole log containing all possible log lines with a grok debugger and they all worked.

I'm not sure what the error is, maybe it's just one syntax problem.
Can you help me out please?

2

It looks like there's a } missing before the next mutate filter.

3

Sometimes it can be so easy.
Yes you are right, unfortunaetly I tried to figured out myself before I read your answer.

For everyone running into the same issue:
Visual Studio Code has an Logstash addon which you can use for creating configuration files.
It's easier to spot syntax errors as the characters get highlighted.

Thanks, you can close this one now. :slight_smile:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.