Logstash does not output to elastic , and now does not work at all

gilisade · May 25, 2016, 7:26am

hi , i've benn dealing with a problem for 2 days now
i'm using logstash 2.3 on rhel VM
my logstash configurations worked just fine until yesterday:
i built another very simple configuration :
input {
file {
type => "authlog15"
path => "/logstash/logs/auth2015-11-15-10.log"
sincedb_path => "/dev/null"
start_position => "beginning"
codec => multiline {
pattern => "^%{YEAR}"
negate => "true"
what => "next"

}
}

}

filter {
if [type] == "authlog15" {

            grok {

                    match => ["message", "%{GREEDYDATA:text}"]

}

}
}

output {
if [type] == "authlog15" {
elasticsearch {
hosts => ["hostname:9200"]
index => "authlog"

}

tried to run it with /opt/logstash/bin/logstash -f config.conf --debug
and i kept getting these messages with debug :

gilisade · May 25, 2016, 7:27am

the same message kept coming up 3-4 times per second
tried to run the configuration with the service (put it in /etc/logstash/conf.d)
and the service crashed after 3 second (no logs - tried to run the service with debug and still no logs)
now al the other configurations that have worked before don't work now - the service always crashes

tried to change LS_HEAP_SIZE -still didn't work
tried booting the server twice - no help
tried to reinstall logstash - no help

what to do ????

gilisade · May 25, 2016, 7:30am

the message: 
Flushing buffer at interval {:instance=>"#<LogStash::Outputs::ElasticSearch::Buffer:0x26cf2d97 @operations_mutex=#<Mutex:0x2808c73e>, @max_size=500, @operations_lock=#<Java::JavaUtilConcurrentLocks::ReentrantLock:0x2c3746e7>, @submit_proc=#<Proc:0x3649f621@/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.6.2-java/lib/logstash/outputs/elasticsearch/common.rb:57>, @logger=#<Cabin::Channel:0x5816e6e1 @metrics=#<Cabin::Metrics:0x4e80837a @metrics_lock=#<Mutex:0x91a324a>, @metrics={}, @channel=#<Cabin::Channel:0x5816e6e1 ...>>, @subscriber_lock=#<Mutex:0x701b25b6>, @level=:debug, @subscribers={12378=>#<Cabin::Subscriber:0x55842f79 @output=#<Cabin::Outputs::IO:0xd54cfe1 @io=#<IO:fd 1>, @lock=#<Mutex:0x24cb6d68>>, @options={}>}, @data={}>, @last_flush=2016-05-25 10:21:21 +0300, @flush_interval=1, @stopping=#<Concurrent::AtomicBoolean:0x140b3d7f>, @buffer=[], @flush_thread=#<Thread:0x60802760 run>>", :interval=>1, :level=>:debug, :file=>"logstash/outputs/elasticsearch/buffer.rb", :line=>"90", :method=>"interval_flush"}`indent preformatted text by 4 spaces`

warkolm · May 25, 2016, 9:16am

Is ES up and running?

gilisade · July 6, 2016, 1:09pm

The problem was that i needed to put the ignore_older for more thanks 24h

Topic		Replies	Views
Logstash does not output to elasticsearch, only "Flushing buffer at interval" in log Logstash	7	2534	July 6, 2017
Logstash not outputting to file Logstash	2	332	August 20, 2019
Upgraded logstash 1.5 to 5.2, now it doesn't read Logstash	2	430	March 6, 2017
Logstash 2.3.1 elasticsearch config not working Logstash	2	2111	July 6, 2017
Logstash can not output to elasticsearch? Logstash	6	1063	October 18, 2017

Logstash does not output to elastic , and now does not work at all

Related topics