Logstash.inputs.file failed to open

niraj_kumar · August 3, 2017, 4:16pm

Hi,

I am facing an issue where logstash is not able to read my files. I tried granted all permission to the files ( 777 ) and changing the owner from root to logstash and even to my local user which i use to login. I am attaching the details below.

LS Version:- 5.5.0-1

Config:

input {
file {
        path => "/data/**/*.gz"
        codec => "gzip_lines"
        start_position => "beginning"
        sincedb_path => "/var/lib/logstash/.sincedb"
        type => "cloudtrail"
        max_open_files => "65535"
  }
}

filter {
   grok {
       match => {"[path]" => "/data/(?<tstmp>\S+)/.*"}
   }
}

output {
  stdout { codec => json }

  elasticsearch {
        hosts => ["xx.xx.xx.xx:9200"]
        index => "%{[tstmp]}-%{+YYYY-MM}"
   }
}

ls -lrt output

niraj@niraj-z820:/var/log/logstash$ ll /data/bigdata/AWSLogs/xxxxxxxxxxxxx/CloudTrail/ca-central-1/2017/06/25/xxxxxxxxxxxxx_CloudTrail_ca-central-1_20170625T1045Z_y7hwapLjNSMOYnLh.json.gz
-rwxrwxrwx 1 logstash logstash 1022 Aug  3 00:54 /data/bigdata/AWSLogs/xxxxxxxxxxxxx/CloudTrail/ca-central-1/2017/06/25/xxxxxxxxxxxxx_CloudTrail_ca-central-1_20170625T1045Z_y7hwapLjNSMOYnLh.json.gz*

Error in Logstash

[2017-08-03T01:14:45,067][WARN ][logstash.inputs.file ] failed to open /data/bigdata/AWSLogs/xxxxxxxxxxxxx/CloudTrail/ca-central-1/2017/06/25/xxxxxxxxxxxxx_CloudTrail_ca-central-1_xxxxxxxxxxxxZ_y7hwapLjNSMOYnLh.json.gz: Permission denied - /data/bigdata/AWSLogs/xxxxxxxxxxxxx/CloudTrail/ca-central-1/2017/06/25/xxxxxxxxxxxxx_CloudTrail_ca-central-1_xxxxxxxxxxxxxxZ_y7hwapLjNSMOYnLh.json.gz

--
Niraj

magnusbaeck · August 3, 2017, 5:30pm

Having read access to the file itself is necessary but not sufficient. Does the user that Logstash runs as have read and execute permissions to all of directories leading up to the file you're trying to get it to read?

niraj_kumar · August 3, 2017, 8:00pm

@magnusbaeck I understand that and i have recursively given permission on the parent directory itself.

Like a chmod -R 777 /data.

Let me know if you want any output to validate that.

niraj@niraj-z820:/data$ ls -lrt
total 4
drwxrwxrwx 3 logstash logstash 4096 Aug  3 00:48 bigdata

niraj_kumar · August 3, 2017, 10:04pm

@magnusbaeck I figured out what the problem was. It was the max open file thing. When i reduced it to 1024 it started working again. I am not sure why it was throwing a permission denied but a debug run helped identify it.

system · August 31, 2017, 10:05pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
File input fails after upgrading logstash from 2.3.3 to 5.0.0-alpha4 Logstash	1	864	July 6, 2017
Logstash can't read files ( Permission denied ) Logstash	6	23804	July 6, 2017
Logstash cannot upload files, "failed to open Permission Denied" Logstash	5	869	March 27, 2017
Logstash complains permission denied when the file is owned by logstash user Logstash	3	902	July 6, 2017
Logstash not reading files input Logstash	4	379	November 15, 2019

Logstash.inputs.file failed to open

Related topics