Logstash error while testing the config file

gopisa · September 9, 2018, 12:03pm

hI All,

my All servers are in azure cloud ..

All Applications are running on java 1.7.0

I have running logstash version is 2.1.2

if i ran the bin\logstash -f conf\some.conf --config.reload.automatic getting below msg

C:\SoftwareInstalls\logstash-2.1.2>bin\logstash -f conf\some.conf --config.reload.automatic

io/console not supported; tty will not be manipulated

Clamp::UsageError: Unrecognised option '--config.reload.automatic'

signal_usage_error at C:/SoftwareInstalls/logstash-2.1.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:103

     find_option at C:/SoftwareInstalls/logstash-2.1.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/option/parsing.rb:62

   parse_options at C:/SoftwareInstalls/logstash-2.1.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/option/parsing.rb:28

           parse at C:/SoftwareInstalls/logstash-2.1.2/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:52

             run at C:/SoftwareInstalls/logstash-2.1.2/vendor/bundle/jruby/1.9/gems/logstash-core-2.1.2-java/lib/logstash/runner.rb:79

            call at org/jruby/RubyProc.java:281

             run at C:/SoftwareInstalls/logstash-2.1.2/vendor/bundle/jruby/1.9/gems/logstash-core-2.1.2-java/lib/logstash/runner.rb:95

            call at org/jruby/RubyProc.java:281

      initialize at C:/SoftwareInstalls/logstash-2.1.2/vendor/bundle/jruby/1.9/gems/stud-0.0.22/lib/stud/task.rb:24

When I installed logstash 5.4 version and java version 1.8 on my desktop .that time log generated. I didn't find any errors on that log file.

Logstash configuration "

input {

file {

    path =&gt; "C:\SoftwareInstalls\testingfilebeat.log"

    start_position =&gt; "beginning"

}

}

filter {

if [path] =~ "access" {

    mutate { replace =&gt; { "type" =&gt; "apache_access" } }

    grok {

        match =&gt; { "message" =&gt; "%{COMBINEDAPACHELOG}" }

    }

}

}

output {

)

logfile :

64.242.88.10 - - [07/Mar/2004:16:05:49 -0800] "GET /twiki/bin/edit/Main/Double_bounce_sender?topicparent=Main.ConfigurationVariables HTTP/1.1" 401 12846

64.242.88.10 - - [07/Mar/2004:16:06:51 -0800] "GET /twiki/bin/rdiff/TWiki/NewUserTemplate?rev1=1.3&rev2=1.2 HTTP/1.1" 200 4523

64.242.88.10 - - [07/Mar/2004:16:10:02 -0800] "GET /mailman/listinfo/hsdivision HTTP/1.1" 200 6291

64.242.88.10 - - [07/Mar/2004:16:11:58 -0800] "GET /twiki/bin/view/TWiki/WikiSyntax HTTP/1.1" 200 7352

Thanks

Gopi s

8187871065

Christian_Dahlqvist · September 9, 2018, 5:23pm

I believe automatic reloading of config was introduced in Logstash 2.3, which would explain why it works on 5.4 but not with version 2.1.

gopisa · September 11, 2018, 1:27pm

Thank you for your quick response.

i have installed 2.3 and it's working fine now. Need one more help . my logs file look like below.

logfile

{
"SourceId" : "123",
"EventId" : "6",
"Keywords" : "2",
"Level" : "ve",
"Message" : "",
"Opcode" : "Info",
"Task" : "123 Information",
"Version" : "0",
"Timestamp" : "2018-09-10T15:09:29.9617308Z",
"Payload_message" : "Received Message",
"Payload_Service Name" : "home",
"Payload_OriginatingMessageId" : "123",
"Payload_Status" : "OK",
"EOE" : ""
}
{
"SourceId" : "1234",
"EventId" : "6",
"Keywords" : "2",
"Level" : "ver",
"Message" : "",
"Opcode" : "Infy",
"Task" : "123 Information",
"Version" : "0",
"Timestamp" : "2018-09-10T15:09:29.9617308Z",
"Payload_message" : "Received Message",
"Payload_Service Name" : "homes",
"Payload_OriginatingMessageId" : "1234",
"Payload_Status" : "OK",
"EOE" : ""
}

logstash configuration

input {
file {
path => "C:\Logs\testingfilebeat.log"
start_position => "beginning"
}
}

filter {
if [path] =~ "access" {
mutate { replace => { "type" => "Applog" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
json {
source => "message"
}
}

as of now it's taking the individual line in one record.

OUTPUT

{
"message" => "{\r",
"@version" => "1",
"@timestamp" => "2018-09-11T13:20:32.973Z",
"path" => "C:\Logs\testingfilebeat.log",
"host" => "dev1"
}
{
"message" => ""SourceId" : "1234",\r",
"@version" => "1",
"@timestamp" => "2018-09-11T13:20:32.973Z",
"path" => "C:\Medseek\Logs\testingfilebeat.log",
"host" => "dev1"
}

problem is it's storing the individual line in to one record, like { is storing one record and source id storing another record .

i need to store { to } totally in one record . what configuration need to do ..

could you please help me on this

regards
gopi

gopisa · September 12, 2018, 8:39am

Can you plz help me on this.

system · October 10, 2018, 8:40am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Clamp::UsageError: Unrecognised option '-c' Logstash	11	4402	July 6, 2017
Error in updating logstash to 2.2.2 Logstash	1	754	July 6, 2017
When trying to load Configuration file this error is coming in Logstash CMD on windows Logstash	2	1153	August 6, 2016
Error while transferring data in to Elastic Search Any one who can provide solution? Logstash	3	746	July 6, 2017
Error - The signal HUP is in use by the JVM and will not work correctly on this platform Logstash	14	7186	July 6, 2017

Logstash error while testing the config file

output {

OUTPUT

Related topics