Hi,
I've been using ELK for the past couple of weeks with success but recently logstash has been giving me some problems. I've looked at other posts addressing similar issues, but I'm still having trouble understanding the problem. From the logs it seems like logstash is unable to find a template file, since the path to the file is nil. But, I haven't set a path to any template file in my conf or yml files since I don't have one.
My logstash logs:
[2018-06-20T16:34:55,635][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil} Failed to install template. {:message=>"Template file '' could not be found!", :class=>"ArgumentError", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/template_manager.rb:31:inread_template_file'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/template_manager.rb:17:in get_template'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/template_manager.rb:7:ininstall_template'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:96:in install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:26:inregister'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/shared.rb:9:in register'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:42:inregister'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:342:in register_plugin'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:353:inblock in register_plugins'", "org/jruby/RubyArray.java:1734:in each'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:353:inregister_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:730:in maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:363:instart_workers'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:290:in run'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:250:inblock in start'"]}
[2018-06-20T16:34:55,757][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x4e1c3ed0@/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:247 sleep>"}
[2018-06-20T16:34:55,787][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
[2018-06-20T16:34:57,762][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<NoMethodError: undefined method <' for nil:NilClass>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:222:inget_event_type'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:47:in event_action_tuple'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:36:inblock in multi_receive'", "org/jruby/RubyArray.java:2486:in map'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/logstash-output-elasticsearch-9.1.1-java/lib/logstash/outputs/elasticsearch/common.rb:36:inmulti_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator_strategies/shared.rb:13:in multi_receive'", "/usr/share/logstash/logstash-core/lib/logstash/output_delegator.rb:49:inmulti_receive'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:477:in block in output_batch'", "org/jruby/RubyHash.java:1343:ineach'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:476:in output_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:428:inworker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:386:in block in start_workers'"]} [2018-06-20T16:34:57,790][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: org.jruby.exceptions.RaiseException: (SystemExit) exit
My logstash conf file:
input {
cloudwatch_logs {
access_key_id => "xxx"
secret_access_key => "yyy"
log_group => [ "zzz/aaa" ]
}
}
filter {
grok {
match => ["message", "%{TIMESTAMP_ISO8601:timestamp} | %{LOGLEVEL:loglevel} | %{GREEDYDATA:id} | %{JAVACLASS:class} | %{GREEDYDATA:msg} | sn=%{NUMBER:sn}, address=%{IP:ip}"]
match => ["message", "%{TIMESTAMP_ISO8601:timestamp} | %{LOGLEVEL:loglevel} | %{GREEDYDATA:id} | %{JAVACLASS:class} | %{GREEDYDATA:msg} | sn=%{NUMBER:sn}, address=%{IP:ip}"]
match => ["message", "%{TIMESTAMP_ISO8601:timestamp} | %{LOGLEVEL:loglevel} | %{GREEDYDATA:id} | %{JAVACLASS:class} | %{GREEDYDATA:msg} | sn=%{NUMBER:sn}"]
}
}
output {
elasticsearch {
hosts => ["bbb"]
index => "logstash-"
}
}