Logstash exception while parsing Java Log file

satendr · July 3, 2018, 11:54am

HI ,
I am new to ELK and trying to implement parsing for our Log file , but when i run config file , its giving Parsing Exception.

My logstash config file is:

input {
beats {
port => "5044"

}

filter {

grok {
  match => [ "message", "%{CATALINALOG}" ]
}
 }

output {

stdout {
codec => rubydebug
}

Sending properly parsed log events to elasticsearch

elasticsearch {
hosts => "localhost:9200"
manage_template => false

}

and Sample logs file is :
INFO Parental Page Loaded and Lock Content displayed
INFO Received PIN:1234
INFO The UI element mtfileTV.ParentalControls.Enabled [Enabled On] is displayed
ERROR Exception occoured while finding the given element name "mtfileTV.ParentalControls.Disabled" type "NAME" description " Parental lock is disabled text status" Value "Disabled Off"
ERROR An element could not be located on the page using the given search parameters. (WARNING: The server did not provide any stacktrace information)
Command duration or timeout: 382 milliseconds
For documentation on this error, please visit: http://seleniumhq.org/exceptions/no_such_element.html
Build info: version: 'unknown', revision: 'b526bd5', time: '2017-03-07 11:11:07 -0800'
System info: host: 'IN5033-01', ip: '192.168.86.127', os.name: 'Windows 10', os.arch: 'amd64', os.version: '10.0', java.version: '1.8.0_151'
Driver info: io.appium.java_client.windows.WindowsDriver
Capabilities [{app=mtfileTVLLC.mtfileTV_vgszm6stshdqy!App, platformName=Windows, platform=ANY}]
Session ID: 9D664F38-2D99-4751-A535-60DF0466A08F
*** Element info: {Using=name, value=Disabled Off}
ERROR Exception occoured while finding the given element name "mtfileTV.ParentalControls.Disabled" type "NAME" description " Parental lock is disabled text status" Value "Disabled Off" The specified element mtfileTV.ParentalControls.Disabled Parental lock is disabled text status does not exist
ERROR The UI element mtfileTV.ParentalControls.Disabled is not displayed
INFO The UI element mtfileTV.ParentalControls.Status.RNC17TVMA.Locked [R, NC-17, TV-MA Locked] is displayed
ERROR Exception occoured while finding the given element name "mtfileTV.ParentalControls.Disabled" type "NAME" description " Parental lock is disabled text status" Value "Disabled Off"
Command duration or timeout: 438 milliseconds
For documentation on this error, please visit: http://seleniumhq.org/exceptions/no_such_element.html
Build info: version: 'unknown', revision: 'b526bd5', time: '2017-03-07 11:11:07 -0800'
System info: host: 'IN5033-01', ip: '192.168.86.127', os.name: 'Windows 10', os.arch: 'amd64', os.version: '10.0', java.version: '1.8.0_151'
Driver info: io.appium.java_client.windows.WindowsDriver
Capabilities [{app=mtfileTVLLC.mtfileTV_vgszm6stshdqy!App, platformName=Windows, platform=ANY}]

when i run logstash , its giving exception:

Sending Logstash's logs to F:/ELK/logstash-6.2.4/logs which is now configured via log4j2.properties
[2018-07-03T17:17:41,319][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"fb_apache", :directory=>"F:/ELK/logstash-6.2.4/modules/fb_apache/configuration"}
[2018-07-03T17:17:41,347][INFO ][logstash.modules.scaffold] Initializing module {:module_name=>"netflow", :directory=>"F:/ELK/logstash-6.2.4/modules/netflow/configuration"}
[2018-07-03T17:17:41,593][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-07-03T17:17:42,365][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.2.4"}
[2018-07-03T17:17:42,907][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-07-03T17:17:48,199][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[2018-07-03T17:17:49,210][INFO ][logstash.inputs.beats ] Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}
[2018-07-03T17:17:49,239][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x65de1925 run>"}
[2018-07-03T17:17:49,383][INFO ][org.logstash.beats.Server] Starting server on port: 5044
[2018-07-03T17:17:49,399][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
[2018-07-03T17:18:19,056][INFO ][org.logstash.beats.BeatsHandler] [local: 127.0.0.1:5044, remote: 127.0.0.1:53803] Handling exception: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
[2018-07-03T17:18:19,059][WARN ][io.netty.channel.DefaultChannelPipeline] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:38) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:353) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.util.concurrent.DefaultEventExecutor.run(DefaultEventExecutor.java:66) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-all-4.1.18.Final.jar:4.1.18.Final]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
Caused by: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
at org.logstash.beats.BeatsParser.decode(BeatsParser.java:92) ~[logstash-input-beats-5.1.0.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-all-4.1.18.Final.jar:4.1.18.Final]
... 8 more

Please helpme to resolve the issue

Badger · July 3, 2018, 5:03pm

What are you using to send data to port 5044, and how is it configured?

satendr · July 4, 2018, 5:13am

i have configured filebeat to supply logs in Port - 5044 .

mention filebeat.ym l config
filebeat.inputs:

type: log
enabled: true
paths:
- c:\elk.log

system · August 1, 2018, 5:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.