LogStash::ConfigurationError

format.guardian · May 18, 2018, 5:02pm

Hello, I'm new to ELK and I'm attempting to start logstash with a custom logstash.conf file, when I run the command

jadmin@elastic-server:/usr/share/logstash$ sudo bin/logstash -f /etc/logstash/conf.d/logstash.conf

I receive this error

[   ERROR ]2018-05-1812:36:22.100[  
   Ruby-0-Thread-1:   /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22
]agent - Failed to execute action{  
:   action=>LogStash::   PipelineAction::   Create/pipeline_id:main,
:   exception=>"LogStash::ConfigurationError",
:message=>"Expected one of #,
   => at line 18,
   column 16 (byte 297) after filter   {  
      \n\tgrok      {  
         \n\t\tmatch =>         {  
            \"message\" => \"%            {  
               COMBINEDAPACHELOG
            }            \"
         }         \n\t
      }      \n\tdate      {  
         \n\t       match =>         [  
            \"timestamp\",
            \"dd/MMM/yyyy:            HH:            mm:ss Z\"
         ]         \n \t
      }      \n\noutput      {  
         \n\telasticsearch ",
:backtrace=>         [  
            "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:42:in `compile_imperative'",
            "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:50:in `compile_graph'",
            "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:12:in `block in compile_sources'",
            "org/jruby/RubyArray.java:2486:in `map'",
            "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in `compile_sources'",
            "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:51:in `initialize'",
            "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:169:in `initialize'",
            "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:40:in `execute'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:315:in `block in converge_state'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:312:in `block in converge_state'",
            "org/jruby/RubyArray.java:1734:in `each'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:299:in `converge_state'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:166:in `block in converge_state_and_update'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:141:in `with_pipelines'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:164:in `converge_state_and_update'",
            "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:90:in `execute'",
            "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:348:in `block in execute'",
            "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"
         ]
      }

Here is the custom config file.

 input {
    	file {
    		path => "/home/jadmin/access_log"
    		start_position => "beginning"
    		ignore_older => 0
    	     }
          }
    filter { 
    	grok {
    		match => { "message" => "%{COMBINEDAPACHELOG}"}
    	     }
    	date {
    	       match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
     	     }

    output {
    	elasticsearch { 
    		hosts => [ "localhost:9200"]
    		      }
    	stdout {
    		codec => rubydebug
    	       }
    }

Any help in the right direction would be most appreciated.

format.guardian · May 18, 2018, 5:45pm

All right!! Thank you connected internet of engineers. Just by simply posing this issue I was able to see the missing curly brace ! ^_^" I'm up and running with LogStash

system · June 15, 2018, 5:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.