Logstash is logging a duplicate of all data being logged to /var/log/logstash/logstash-plain.log to /var/log/messages. It appears that many others have experienced the same issue, and that the culprit is often the following line in the output section of the *.conf file:
stdout { codec => rubydebug }
However, I do not have this line in my *.conf file.
logstash does not log to /var/log/message, it writes to stdout and it logs to /var/log/logstash. If you are running logstash as a service and you have your service manager configured to cc the stdout of a service to /var/log/messages than your service manager will write to /var/log/messages. The solution is to reconfigure the service manager.
While you are certainly correct, in practice amounts to the same thing. Additionally, reconfiguring the service manager was not an option, as other services on the host may rely on that functionality from the service manager to write their log entries to /var/log/messages.
Once I realized what was happening, I able to resolve the issue by commenting out the following lines in log4j2.properties and restarting logstash:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.