hi , i've benn dealing with a problem for 2 days now
i'm using logstash 2.3 on rhel VM
my logstash configurations worked just fine until yesterday:
i built another very simple configuration :
input {
file {
type => "authlog15"
path => "/logstash/logs/auth2015-11-15-10.log"
sincedb_path => "/dev/null"
start_position => "beginning"
codec => multiline {
pattern => "^%{YEAR}"
negate => "true"
what => "next"
}
}
}
filter {
if [type] == "authlog15" {
grok {
match => ["message", "%{GREEDYDATA:text}"]
}
}
}
output {
if [type] == "authlog15" {
elasticsearch {
hosts => ["hostname:9200"]
index => "authlog"
}
}
tried to run it with /opt/logstash/bin/logstash -f config.conf --debug
and i kept getting these messages with debug :
the same message kept coming up 3-4 times per second
tried to run the configuration with the service (put it in /etc/logstash/conf.d)
and the service crashed after 3 second (no logs - tried to run the service with debug and still no logs)
now al the other configurations that have worked before don't work now - the service always crashes
tried to change LS_HEAP_SIZE -still didn't work
tried booting the server twice - no help
tried to reinstall logstash - no help
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.