Logstash Error start error

MikoMan · April 21, 2019, 12:01pm

Hi there,

Just tried to config logstash to work with elatstich and i got some problems.
running on same linux machine i got :
elasticsearch 7
kibana 7
logstash 7

while trying to start logstash i got this error:

[2019-04-21T14:59:30,352][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.0.0"}
[2019-04-21T14:59:41,587][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://10.70.25.150:9200/]}}
[2019-04-21T14:59:41,864][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://10.70.25.150:9200/"}
[2019-04-21T14:59:41,942][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>6}
[2019-04-21T14:59:41,946][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2019-04-21T14:59:41,980][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//10.70.25.150:9200"]}
[2019-04-21T14:59:42,069][INFO ][logstash.outputs.elasticsearch] Using default mapping template
[2019-04-21T14:59:42,128][INFO ][logstash.outputs.elasticsearch] Index Lifecycle Management is set to 'auto', but will be disabled - Your Elasticsearch cluster is before 7.0.0, which is the minimum version required to automatically run Index Lifecycle Management
[2019-04-21T14:59:42,130][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"default"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2019-04-21T14:59:42,404][ERROR][logstash.javapipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Grok::PatternError: pattern %{sis_al_time:al_time} not defined>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jls-grok-0.11.5/lib/grok-pure.rb:123:in block in compile'", "org/jruby/RubyKernel.java:1411:inloop'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/jls-grok-0.11.5/lib/grok-pure.rb:93:in compile'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-grok-4.0.4/lib/logstash/filters/grok.rb:281:inblock in register'", "org/jruby/RubyArray.java:1792:in each'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-grok-4.0.4/lib/logstash/filters/grok.rb:275:inblock in register'", "org/jruby/RubyHash.java:1419:in each'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-grok-4.0.4/lib/logstash/filters/grok.rb:270:inregister'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:56:in register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:191:inblock in register_plugins'", "org/jruby/RubyArray.java:1792:in each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:190:inregister_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:446:in maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:203:instart_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:145:in run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:104:inblock in start'"], :thread=>"#<Thread:0x73abc2c0 run>"}
[2019-04-21T14:59:42,434][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
[2019-04-21T14:59:42,901][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-04-21T14:59:47,824][INFO ][logstash.runner ] Logstash shut down.

What is wrong ?

Thanks

Miko

Badger · April 21, 2019, 12:49pm

You have configured a grok filter to match the pattern sis_al_time and save the match into the field al_time. However, that is not one of the standard patterns and you have not defined it.

system · May 19, 2019, 12:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
After upgrading logstash 6.7.0 to 7.0.1 continously restarting Logstash	3	1692	July 11, 2019
Logstash problem Logstash	2	228	November 23, 2020
Logstash output to elasticsearch - open distro for elasticsearch Logstash	3	1432	November 19, 2020
Logstash not work( Logstash	7	336	December 18, 2019
Logstash logging problem Logstash	16	608	May 22, 2019

Logstash Error start error

Related topics