Logstash instance shutdown after some time atomatically

Suresh_Pal · July 2, 2018, 6:07am

I'm running logstash instance using data directory. But after sometime it stops shipping logs though instance keep running . Then after removing the data directory and creating same directory again it start shipping. Please help it is happening. can't delete data directory again and again.

magnusbaeck · July 2, 2018, 7:10am

Have you looked in the Logstash log file for clues? What does your Logstash configuration look like?

Suresh_Pal · July 3, 2018, 6:42am

you mean logstash.yml ??

magnusbaeck · July 3, 2018, 7:16am

No, I meant the pipeline configuration files.

Suresh_Pal · July 3, 2018, 8:48am

For builds log i have this configuration file.

input { beats {
port => "5044"
}
}
filter {

grok {

    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} [%{LOGLEVEL:level}]%{GREEDYDATA:messageText}%{IP:client}" }

}
date {
match => ["timestamp", "yyyy-MM-dd HH:mm:ss.SSS", "ISO8601"]
timezone => "UTC"
}
}

output {
elasticsearch { hosts => ["localhost:9200"] }

magnusbaeck · July 3, 2018, 8:52am

Okay. There's nothing in there that should trigger shutdowns. I'd bet there's something in the logs.

Suresh_Pal · July 3, 2018, 9:46am

This is what my log files contains

tail -f /var/log/logstash/logstash-plain.log /var/log/logstash-stderr.log /var/log/logstash-stdout.log
==> /var/log/logstash/logstash-plain.log <==

==> /var/log/logstash-stderr.log <==

==> /var/log/logstash-stdout.log <==
[2018-06-21T04:31:23,866][INFO ][logstash.inputs.beats ] Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}
[2018-06-21T04:31:24,050][INFO ][logstash.inputs.s3 ] Registering s3 input {:bucket=>"fcalb-logs", :region=>"us-east-1"}
[2018-06-21T04:31:27,425][INFO ][logstash.inputs.s3 ] Registering s3 input {:bucket=>"fcalb-logs", :region=>"us-east-1"}
[2018-06-21T04:31:28,212][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x44c1fa76 sleep>"}
[2018-06-21T04:31:28,282][INFO ][org.logstash.beats.Server] Starting server on port: 5044
[2018-06-21T04:31:28,691][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2018-06-21T04:31:35,183][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9601}
[2018-06-21T04:31:42,929][INFO ][logstash.inputs.s3 ] Using default generated file for the sincedb {:filename=>"/var/lib/logstash/plugins/inputs/s3/sincedb_efd265798b29788b1b0436aaca127b42"}
[2018-06-21T04:31:42,930][INFO ][logstash.inputs.s3 ] Using default generated file for the sincedb {:filename=>"/var/lib/logstash/plugins/inputs/s3/sincedb_a83a7e844cdbfd1a161da5c150c3b2be"}
[2018-06-21T04:31:52,796][WARN ][logstash.runner ] SIGTERM received. Shutting down

magnusbaeck · July 3, 2018, 9:48am

It looks like something from the outside is sending SIGTERM to the Logstash process. I don't think Logstash is a fault here.

system · July 31, 2018, 9:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.