Logstash is taking more time or hanging

Kibana is not showing any drop-down value in 'Time-field name'
RedHat Linux 64 bit, software installed using RPM package
java -version
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

Logstash: 2.2.1
Elasticsearch: 2.2.1
Kibana: 4.3.1

log [11:52:15.173] [info][status][plugin:kibana] Status changed from uninitialized to green - Ready
log [11:52:15.198] [info][status][plugin:elasticsearch] Status changed from uninitialized to yellow - Waiting for Elasticsearch
log [11:52:15.209] [info][status][plugin:kbn_vislib_vis_types] Status changed from uninitialized to green - Ready
log [11:52:15.217] [info][status][plugin:markdown_vis] Status changed from uninitialized to green - Ready
log [11:52:15.222] [info][status][plugin:metric_vis] Status changed from uninitialized to green - Ready
log [11:52:15.225] [info][status][plugin:spyModes] Status changed from uninitialized to green - Ready
log [11:52:15.228] [info][status][plugin:statusPage] Status changed from uninitialized to green - Ready
log [11:52:15.230] [info][status][plugin:table_vis] Status changed from uninitialized to green - Ready
log [11:52:15.248] [info][listening] Server running at http://0.0.0.0:5601
log [11:52:15.258] [info][status][plugin:elasticsearch] Status changed from yellow to green - Kibana index ready

sudo service elasticsearch start
Starting elasticsearch: [ OK ]

sudo service elasticsearch status
elasticsearch (pid 24984) is running...

curl localhost:9200
{
  "name" : "Patch",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.1.1",
    "build_hash" : "40e2c53a6b6c2972b3d13846e450e66f4375bd71",
    "build_timestamp" : "2015-12-15T13:05:55Z",
    "build_snapshot" : false,
    "lucene_version" : "5.3.1"
  },
  "tagline" : "You Know, for Search"
}

sudo service elasticsearch stop
Stopping elasticsearch: [ OK ]

cat /etc/logstash/conf.d/10-syslog.conf
input {
  stdin { }
}
output {
  elasticsearch {
    hosts => "bhlnxbimsv01:9200"
  }
  stdout {
    codec => rubydebug
  }
}


What do you mean, can you share a screenshot?

Elasticsearch URL output:

Do you have data in the cluster?

Hi Mark,

I am new to ELK, so I just installed the software below on a RedHat Linux machine:
Java, Elasticsearch, Logstash (RPM packages) & Kibana (untarred the TAR bundle)

Started all processes with a sample Logstash conf file.

Am I missing anything? What is the meaning of data in the cluster?

Please guide me or share any doc that helps me.

Thanks in advance
Adarsha

Kibana can only display something if there is data in ES.

Take a look at https://www.elastic.co/guide/en/kibana/current/getting-started.html

Thanks Mark, will go through and let you know if there is any issue

Hi Mark,

Logstash is taking more time or hanging, even when the file contains a single line of data.

cat conf/emp.conf
input {
  file {
    path => "/opt/log_files/emp.log"
    start_position => beginning
  }
}

filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  stdout { codec => rubydebug }
}

cat emp.log
adarsha 12345678

bin/logstash -f conf/emp.conf
Settings: Default filter workers: 4
Logstash startup completed

It's not hanging. If you have processed that file before, then look at https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html#plugins-inputs-file-sincedb_path
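
The sincedb check suggested in the last reply, as an added example that is not part of the original thread: a shell helper that compares a log file's inode and size against the file input's sincedb records to show whether the file was already read. It assumes the Logstash 2.x default of `.sincedb_*` files in the home directory of the user running Logstash, each line holding `inode major minor offset`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed sincedb line layout:
#   inode  major_device  minor_device  byte_offset

# sincedb_offset FILE SINCEDB -> prints the recorded byte offset, or nothing
sincedb_offset() {
    inode=$(ls -i "$1" | awk '{print $1}')
    # Keep the last record for this inode; print only if one was found.
    awk -v ino="$inode" '$1 == ino { off = $4 }
        END { if (off != "") print off }' "$2"
}

# sincedb_state FILE SINCEDB -> unseen | partial | consumed
sincedb_state() {
    size=$(wc -c < "$1" | tr -d ' ')
    off=$(sincedb_offset "$1" "$2")
    if [ -z "$off" ]; then
        echo unseen        # no record: start_position applies on next run
    elif [ "$off" -ge "$size" ]; then
        echo consumed      # already read to EOF: Logstash waits for new lines
    else
        echo partial       # Logstash resumes from the recorded offset
    fi
}

# check_log FILE [DIR] -> one line per sincedb file found in DIR (default $HOME)
check_log() {
    log=$1
    dir=${2:-$HOME}
    for db in "$dir"/.sincedb_*; do
        [ -f "$db" ] || continue
        echo "$db: $(sincedb_state "$log" "$db")"
    done
}

# Usage: sh sincedb_check.sh /opt/log_files/emp.log
if [ $# -gt 0 ]; then
    check_log "$@"
fi
```

A `consumed` result means Logstash is idle and tailing the file, not hanging; `start_position => beginning` only applies to files with no sincedb record.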