Logstash input from tcp/udp protocol

bishaka · August 2, 2016, 10:10pm

Hi,
I am trying to send some JSON formatted logs to elasticsearch over tcp/udp protocol for visualizations in Kibana. I have the config file below:

input {
tcp {
host => "http://nimhts23.hm230.org"
port => 8983
type => syslog
}
udp {
host => "http://nimhts23.hm230.org"
port => 8983
type => syslog
}
}

output {
elastisearch {
protocol => "http"
host => "10.45.31.897"
port => 5600
index => "SolrData"
document_type => "realtime"
stdout { codec => rubydebug }
}
}

However, when I run this, i get the error " initialize: name or service not known
-bash: initialize:: command not found"

I am not sure what this means..

bishaka · August 2, 2016, 10:36pm

I also tried using the httppoll plugin in logstash...however,.. i get an http failure message

input {
http_poller {
urls => {
test1 => "http://nimhts23.hm230.org/solr/col_dashv1_shard2_replica2/select?q=%3A&wt=json&indent=true"
}

request_timeout => 60
interval => 60
codec => "json"

}
}

output {
elasticsearch {
hosts => "10.45.31.897"

}

I get the following message:

@version:1 @timestamp:August 2nd 2016, 15:29:24.663 tags:_http_request_failure http_request_failure.request.method:get http_request_failure.request.url:http://nimhts23.hm230.org/solr/col_dashv1_shard2_replica2/select?q=%3A&wt=json&indent=true http_request_failure.name:test1 http_request_failure.error:nimhts23.hm230.org: unknown error http_request_failure.backtrace: - http_request_failure.runtime_seconds:0.284 _id:AVZNYEFVvm06ECqo53r0 _type:logs _index:logstash-2016.08.02 _score:

anhlqn · August 2, 2016, 10:38pm

Are you running Logstash to listen to incoming syslog on port 8983? If yes, then remove the follow

bishaka · August 2, 2016, 10:52pm

I tried that. No luck

I get the following error:

Could not start TCP server: Address in use {:host=>"0.0.0.0", :port=>8983, :level=>:error}
The error reported is:
Address already in use - bind - Address already in use

bishaka · August 2, 2016, 11:30pm

Is it a plugin i need to install though?

anhlqn · August 2, 2016, 11:39pm

Use one port for TCP and a different port for UDP. Ex: 8983 for TCP and 8984 for UDP

bishaka · August 2, 2016, 11:45pm

Still same issue.

bishaka · August 2, 2016, 11:48pm

I tried the following method as shown in the post:

Dioing this way gets me the following error message:

@version:1 @timestamp:August 2nd 2016, 15:29:24.663 tags:httprequest_failure http_request_failure.request.method:get http_request_failure.request.url:http://nimhts23.hm230.org/solr/col_dashv1_shard2_replica2/select?q=%3A&wt=json&indent=true http_request_failure.name:test1 http_request_failure.error:nimhts23.hm230.org: unknown error http_request_failure.backtrace: - http_request_failure.runtime_seconds:0.284 _id:AVZNYEFVvm06ECqo53r0 _type:logs _index:logstash-2016.08.02 _score:

I used the following config file:

input {
http_poller {
urls => {
test1 => "http://nimhts23.hm230.org/solr/col_dashv1_shard2_replica2/select?q=%3A&wt=json&indent=true"
}

request_timeout => 60
interval => 60
codec => "json"
}
}

output {
elasticsearch {
hosts => "10.45.31.897"

}