filter {
if [type] == "syslog" {
grok {
match => [ "message", "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" ],
match => [ "message", "<%{POSINT:priority}> %{MONTHNUM}/%{MONTHDAY}/%{YEAR}:%{HOUR}:%{MINUTE}:%{SECOND} %{WORD:tz} %{SYSLOGHOST} %{GREEDYDATA:radius_message}" ]
}
}
}
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/ --config.test_and_exit
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2018-12-23 16:05:40.702 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[FATAL] 2018-12-23 16:05:45.835 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, } at line 268, column 202 (byte 9740) after filter {
if [type] == "syslog" {
grok {
match => [ "message", "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" ]
[ERROR] 2018-12-23 16:05:45.863 [LogStash::Runner] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
What is wrong?
Thanks