Logstash Error : Expected one of #, ", ', -, [, {, ] at line 4, column 14 (byte 33) after input { file { path => [

manopmk · March 22, 2017, 4:45am

Im Using mac im unable to load apache log to logstash. Im getting error
" Error: Expected one of #, ", ', -, [, {, ] at line 4, column 14 (byte 33) after input { file { path => [

I tried path => "/Users/tcstsb3/Downloads/log/access_log.log"
path => ["/user....../apache.log"]
path => ["user....../apache.log"]

same error only im getting,
ANY ONE PLZ HELP ME

My Conf

input {
file { path => [“/Users/tcstsb3/Downloads/log/access_log”] type => "apache" }
}
filter {
grok {
match => { “message” => “%
{COMBINEDAPACHELOG}” }
}
}
output {
elasticsearch { hosts => [“10.145.40.24:9200”] }
stdout { codec => rubydebug }
}

Note:
im using
logstash 1.4.2
elastic 1.4.4
java 8

magnusbaeck · March 22, 2017, 6:08am

Make sure you're using regular straight double quotes:

It looks like you're using this kind of quote:

“

manopmk · March 22, 2017, 6:59am

Thank you soo much buddy
that error gone.
but im getting new error

Using milestone 2 input plugin 'file'. This plugin should be stable, but if you see strange behavior, please let us know! For more information on plugin milestones, see http://logstash.net/docs/1.4.2/plugin-milestones {:level=>:warn}
Unknown setting 'hosts' for elasticsearch {:level=>:error}
Error: Something is wrong with your configuration.

can you help

magnusbaeck · March 22, 2017, 7:06am

I strongly suggest that you upgrade your version of Logstash. If you upgrade to at least 2.0 your problem will magically disappear since that version introduced the hosts option (replacing the old host option).

manopmk · March 22, 2017, 7:24am

thanx buddy

Im using mac.
is there any command to update the version of logstash ?.

have one more query if i update logstash , whether i need to update elasticsearch and kibana ?.
currently using elasticsearch (1.4.4) kibana (4.0.1) ?

magnusbaeck · March 22, 2017, 7:27am

is there any command to update the version of logstash ?.

That depends on how you installed it.

have one more query if i update logstash , whether i need to update elasticsearch and kibana ?.
currently using elasticsearch (1.4.4) kibana (4.0.1) ?

Logstash 5.x probably works with ES 1.4 but it's probably not a well-tested combination. Logstash 2.x will definitely be fine.

manopmk · March 22, 2017, 7:33am

Thank you buddy

some how i managed existing version make configuration to work by elasticsearch {
** host => "10.145.40.24"**
** port => "9200"**
** protocol => "http" }**

now im getting this message

Faraday::TimeoutError: Timeout::Error
** call at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/faraday-0.9.0/lib/faraday/adapter/net_http.rb:56**
** build_response at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/faraday-0.9.0/lib/faraday/rack_builder.rb:139**
** run_request at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/faraday-0.9.0/lib/faraday/connection.rb:377**
** perform_request at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/transport/http/faraday.rb:24**
** call at org/jruby/RubyProc.java:271**
** perform_request at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/transport/base.rb:187**
** perform_request at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/transport/http/faraday.rb:20**
** perform_request at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.1/lib/elasticsearch/transport/client.rb:102**
** perform_request at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-api-1.0.1/lib/elasticsearch/api/namespace/common.rb:21**
** get_template at /Users/tcstsb3/Downloads/elkpack/logstash/vendor/bundle/jruby/1.9/gems/elasticsearch-api-1.0.1/lib/elasticsearch/api/actions/indices/get_template.rb:24**
** template_exists? at /Users/tcstsb3/Downloads/elkpack/logstash/lib/logstash/outputs/elasticsearch/protocol.rb:132**
** template_install at /Users/tcstsb3/Downloads/elkpack/logstash/lib/logstash/outputs/elasticsearch/protocol.rb:21**
** register at /Users/tcstsb3/Downloads/elkpack/logstash/lib/logstash/outputs/elasticsearch.rb:259**
** each at org/jruby/RubyArray.java:1613**
** outputworker at /Users/tcstsb3/Downloads/elkpack/logstash/lib/logstash/pipeline.rb:220**
** start_outputs at /Users/tcstsb3/Downloads/elkpack/logstash/lib/logstash/pipeline.rb:152**

i Dont know whether configuration loaded or not
how to check buddy .

magnusbaeck · March 22, 2017, 7:34am

Looks like a network problem. Make sure you can connect to 10.145.40.24:9200.

manopmk · March 22, 2017, 7:37am

i tried in browser "http://10.145.40.24:9200/"

its work fine.
im getting response

{
"status" : 200,
"name" : "Doug Ramsey",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "1.4.4",
"build_hash" : "c88f77ffc81301dfa9dfd81ca2232f09588bd512",
"build_timestamp" : "2015-02-19T13:05:36Z",
"build_snapshot" : false,
"lucene_version" : "4.10.3"
},
"tagline" : "You Know, for Search"
}

then how can i check that configuration is loaded in logstash or not buddy.

magnusbaeck · March 22, 2017, 7:40am

The configuration is loaded, otherwise you wouldn't get this far. I don't know why Logstash is having problems. Keep in mind that your browser could have proxy settings that affect the results. Use a low-level tool like telnet instead. Over and out.

manopmk · March 22, 2017, 1:46pm

Buddy
finally i cleared all error

my conf
input {

file {
path => ["/Users/tcstsb3/Downloads/log/access_log.log"]
type => "apache"
}

}

filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}

output {
elasticsearch {
host => "10.145.40.24"
port => "9200"
user => "username"
password => "password"
protocol => "http"
index => "test"
}

stdout { codec => rubydebug }
}
i executed file by ./logstash -f apache.conf
it shows "Logstash startup completed"
i opened kibana 4
under settting , i created index called test (which i configured in conf) choosed timestamp.

then im unable to see the access_log under discover tab
can you help me

magnusbaeck · March 22, 2017, 1:56pm

Logstash is tailing the file and probably waiting for more data to be added. Read the file input plugin documentation and pay close attention to the start_position and sincedb_path options.

manopmk · March 22, 2017, 2:15pm

Hi Buddy i have added some input field

now im getting this error in kibana

Error: Could not locate that index-pattern (id: logstash-*) in kibana

manopmk · March 23, 2017, 7:00am

im using kibana 4.0.1
under Selected Fields

This field is present in your elasticsearch mapping but not in any documents in the search results. You may still be able to visualize or search on it.

Didnt show any log which i configured

system · April 20, 2017, 7:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.