Logstash input for oracle database

altink · April 5, 2022, 10:47pm

I have an Bitnami virtual ova distribution, ELK 7.17 on Debian 10.
Elastic, Kibana and Logstash run as services (daemons).

I have put the logstash config file logstash-ora-01.conf under /opt/bitnami/logstash/config

input {
    jdbc {
        jdbc_validate_connection => true
        jdbc_connection_string => "jdbc:oracle:thin:@192.168.1.22:1521/orcl"
        jdbc_user => "system"
        jdbc_password => "Manager123"
        jdbc_driver_library => "/opt/ftp_upload/ojdbc8.jar"
        jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver"
        statement => "SELECT sysdate as SYSTEM_DATE_TIME from dual"
	schedule => "*/1 * * * *"
       }
}
output   {
    elasticsearch {}
}

However, I am seeing no connection from from Oracle (monitoring and auditing there).
So I guess my oracle JDBC input is not running on logstash - which runs as a service (bitnami VM !)

ojdbc8.jar is in the right dir, Oracle DB is up and logon credentials are right.

Is the placing of .conf file under /logstash/config enough to start action?

please advise

best regards
Altin

altink · April 6, 2022, 9:00pm

I did corrected the schedule from
schedule => "*/1 * * * "
to
schedule => " * * * *"
but still cannot see any activity related to logstash-ora-01.conf - my conf file.

below is the content of /logstash/logs/logstash-plain.log

[2022-04-06T19:35:30,108][INFO ][logstash.runner          ] Log4j configuration path used is: /opt/bitnami/logstash/config/log4j2.properties
[2022-04-06T19:35:30,236][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.17.1", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.14+9-LTS on 11.0.14+9-LTS +indy +jit [linux-x86_64]"}
[2022-04-06T19:35:30,240][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xms1490m, -Xmx1490m, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true]
[2022-04-06T19:35:33,837][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-04-06T19:35:40,684][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2022-04-06T19:35:44,602][INFO ][org.reflections.Reflections] Reflections took 390 ms to scan 1 urls, producing 119 keys and 417 values 
[2022-04-06T19:35:50,402][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//127.0.0.1:9200"]}
[2022-04-06T19:35:51,982][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://127.0.0.1:9200/]}}
[2022-04-06T19:35:53,699][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://127.0.0.1:9200/"}
[2022-04-06T19:35:53,747][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (7.17.1) {:es_version=>7}
[2022-04-06T19:35:53,761][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2022-04-06T19:35:54,343][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-04-06T19:35:54,343][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-04-06T19:35:54,678][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>7, :ecs_compatibility=>:disabled}
[2022-04-06T19:35:54,833][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/opt/bitnami/logstash/pipeline/logstash.conf"], :thread=>"#<Thread:0x1e36bbc3 run>"}
[2022-04-06T19:35:59,164][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>4.32}
[2022-04-06T19:35:59,244][INFO ][logstash.inputs.beats    ][main] Starting input listener {:address=>"127.0.0.1:5044"}
[2022-04-06T19:36:00,648][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2022-04-06T19:36:00,689][INFO ][logstash.inputs.tcp      ][main][db81e2e8bf758b0503d9fca34679b6dab77009a5c6f695a45b0db02ecdef151c] Starting tcp input listener {:address=>"127.0.0.1:5010", :ssl_enable=>false}
[2022-04-06T19:36:00,719][INFO ][logstash.inputs.http     ][main][e952e964aeaee9edee05d91ee7c5223d1aa03199d6f576687d5ceb7f1e476568] Starting http input listener {:address=>"127.0.0.1:8080", :ssl=>"false"}
[2022-04-06T19:36:00,881][INFO ][logstash.inputs.gelf     ][main][f13767570670f26c3d74550409a873aed4a860203dfbeea5aa4444e6b85e319c] Starting gelf listener (udp) ... {:address=>"127.0.0.1:12201"}
[2022-04-06T19:36:01,295][INFO ][logstash.inputs.udp      ][main][cd19fb57ee267a9ed0bff60433a7fc564b0b5dd7efc1fb1e0f888cd900c4c690] Starting UDP listener {:address=>"127.0.0.1:5000"}
[2022-04-06T19:36:01,480][INFO ][org.logstash.beats.Server][main][b9a69d2add55e97ff229918bb1311d6853cc63de6e4b7c37b3d8685ce1d4abcd] Starting server on port: 5044
[2022-04-06T19:36:01,588][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2022-04-06T19:36:01,744][INFO ][logstash.inputs.udp      ][main][cd19fb57ee267a9ed0bff60433a7fc564b0b5dd7efc1fb1e0f888cd900c4c690] UDP listener started {:address=>"127.0.0.1:5000", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
[2022-04-06T20:34:28,471][WARN ][logstash.runner          ] SIGTERM received. Shutting down.
[2022-04-06T20:34:42,902][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main"}
[2022-04-06T20:34:43,490][INFO ][logstash.runner          ] Logstash shut down.
[2022-04-06T20:38:19,184][INFO ][logstash.runner          ] Log4j configuration path used is: /opt/bitnami/logstash/config/log4j2.properties
[2022-04-06T20:38:19,353][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.17.1", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.14+9-LTS on 11.0.14+9-LTS +indy +jit [linux-x86_64]"}
[2022-04-06T20:38:19,366][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xms1490m, -Xmx1490m, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true]
[2022-04-06T20:38:24,368][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-04-06T20:38:40,502][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2022-04-06T20:38:56,298][INFO ][org.reflections.Reflections] Reflections took 834 ms to scan 1 urls, producing 119 keys and 417 values 
[2022-04-06T20:39:11,808][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//127.0.0.1:9200"]}
[2022-04-06T20:39:18,647][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://127.0.0.1:9200/]}}
[2022-04-06T20:39:22,008][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://127.0.0.1:9200/"}
[2022-04-06T20:39:22,188][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (7.17.1) {:es_version=>7}
[2022-04-06T20:39:22,217][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2022-04-06T20:39:23,800][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-04-06T20:39:23,801][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-04-06T20:39:26,051][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>7, :ecs_compatibility=>:disabled}
[2022-04-06T20:39:26,361][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/opt/bitnami/logstash/pipeline/logstash.conf"], :thread=>"#<Thread:0x115757f6 run>"}
[2022-04-06T20:39:41,534][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>14.87}
[2022-04-06T20:39:47,283][INFO ][logstash.inputs.beats    ][main] Starting input listener {:address=>"127.0.0.1:5044"}
[2022-04-06T20:39:49,190][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2022-04-06T20:39:49,579][INFO ][logstash.inputs.http     ][main][e952e964aeaee9edee05d91ee7c5223d1aa03199d6f576687d5ceb7f1e476568] Starting http input listener {:address=>"127.0.0.1:8080", :ssl=>"false"}
[2022-04-06T20:39:49,836][INFO ][logstash.inputs.tcp      ][main][db81e2e8bf758b0503d9fca34679b6dab77009a5c6f695a45b0db02ecdef151c] Starting tcp input listener {:address=>"127.0.0.1:5010", :ssl_enable=>false}
[2022-04-06T20:39:50,002][INFO ][logstash.inputs.gelf     ][main][f13767570670f26c3d74550409a873aed4a860203dfbeea5aa4444e6b85e319c] Starting gelf listener (udp) ... {:address=>"127.0.0.1:12201"}
[2022-04-06T20:39:51,589][INFO ][logstash.inputs.udp      ][main][cd19fb57ee267a9ed0bff60433a7fc564b0b5dd7efc1fb1e0f888cd900c4c690] Starting UDP listener {:address=>"127.0.0.1:5000"}
[2022-04-06T20:39:51,725][INFO ][org.logstash.beats.Server][main][b9a69d2add55e97ff229918bb1311d6853cc63de6e4b7c37b3d8685ce1d4abcd] Starting server on port: 5044
[2022-04-06T20:39:53,268][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2022-04-06T20:39:54,361][INFO ][logstash.inputs.udp      ][main][cd19fb57ee267a9ed0bff60433a7fc564b0b5dd7efc1fb1e0f888cd900c4c690] UDP listener started {:address=>"127.0.0.1:5000", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}

altink · April 6, 2022, 9:46pm

did change location of logstash-ora-01.conf file from /logstash/config to /logstash/bin, but yet no activity

system · May 4, 2022, 9:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Trying to get the data from oracle database through logstash but data is not coming to elasticsearch Logstash	10	2386	February 25, 2020
Logstash Oracle JDBC issue Logstash	7	1632	February 14, 2017
Logstash-input-jdbc doesn't work on logstash 5.x Logstash	11	2445	January 30, 2017
Read Oracle Database Table Data vi Logstash to insert into ElasticSearch Logstash elastic-stack-monitoring	4	2106	March 1, 2023
Unable to load data from Oracle DB Logstash	4	473	June 27, 2019

Logstash input for oracle database

Related topics