[root@elastic ~]# tail /var/log/logstash/logstash-plain.log
[2021-08-24T15:20:49,553][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.14.0", "jruby.version"=>"jruby 9.2.19.0 (2.5.8) 2021-06-15 55810c552b OpenJDK 64-Bit Server VM 11.0.11+9 on 11.0.11+9 +indy +jit [linux-x86_64]"}
[2021-08-24T15:20:51,620][INFO ][logstash.config.source.local.configpathloader] No config files found in path {:path=>"/etc/logstash/conf.d/*.conf"}
[2021-08-24T15:20:51,634][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
[2021-08-24T15:20:51,839][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2021-08-24T15:20:56,999][INFO ][logstash.runner ] Logstash shut down.
[2021-08-24T15:20:57,026][FATAL][org.logstash.Logstash ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747) ~[jruby-complete-9.2.19.0.jar:?]
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710) ~[jruby-complete-9.2.19.0.jar:?]
at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:89) ~[?:?]
These are the actual Logstash logs, but they are yesterday's logs; today it is not updating the logs in this file.
# pipeline.ordered: auto
#
# ------------ Pipeline Configuration Settings --------------
#
# Where to fetch the pipeline configuration for the main pipeline
#
path.config: /etc/logstash/conf.d/*.conf
And the location of the config file is:
[root@elastic logstash]# cd conf.d/
[root@elastic conf.d]# ls
syslog.conf
[root@elastic conf.d]#
You appear to have path.config indented in logstash.yml; it probably should not be indented. Otherwise, it is most likely a permissions error, where the user running Logstash cannot read the files in that directory.
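Added example, not part of the original thread or of Logstash itself: a small script that checks both causes suggested in the reply above, an indented `path.config` key and config files the service account cannot read. The settings path `/etc/logstash/logstash.yml` and the service user name `logstash` are assumptions based on a default package install.

```shell
#!/bin/sh
# Added example: checks the two causes suggested in the reply above.

# 0 = path.config is a top-level (unindented) key,
# 1 = present but indented, 2 = missing or commented out.
check_path_config_indent() {
    if grep -Eq '^path\.config:' "$1"; then return 0; fi
    if grep -Eq '^[[:space:]]+path\.config:' "$1"; then return 1; fi
    return 2
}

# Print the value of the top-level path.config key, without quotes.
get_path_config() {
    sed -n -e 's/[[:space:]]*$//' -e 's/^path\.config:[[:space:]]*//p' "$1" |
        head -n 1 | tr -d "\"'"
}

# Count regular files matching the glob that the *current* user can read.
# An untraversable directory yields 0, like "No config files found in path".
count_readable() {
    n=0
    for f in $1; do            # unquoted on purpose: expand the glob
        if [ -f "$f" ] && [ -r "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

diagnose() {
    rc=0
    check_path_config_indent "$1" || rc=$?
    case $rc in
        1) echo "path.config is indented in $1; move it to column 0"; return 0 ;;
        2) echo "path.config is not set in $1"; return 0 ;;
    esac
    pattern=$(get_path_config "$1")
    echo "$(id -un): $(count_readable "$pattern") readable file(s) match $pattern"
}

# Assumed package-default settings file; override with the first argument.
SETTINGS="${1:-/etc/logstash/logstash.yml}"
if [ -f "$SETTINGS" ]; then diagnose "$SETTINGS"; fi
```

Run it once as root and once as the service account (for example with `sudo -u logstash sh` and the script path); a count of 0 only for the service account points to permissions on the directory or files rather than to the settings file.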
When I comment out the path config in logstash.yml, this error is shown:
[root@elastic logstash]# service logstash status
Redirecting to /bin/systemctl status logstash.service
● logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2021-08-30 10:57:35 IST; 17s ago
Main PID: 12335 (java)
CGroup: /system.slice/logstash.service
└─12335 /usr/share/logstash/jdk/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-...
Aug 30 10:57:35 elastic.sys systemd[1]: Stopped logstash.
Aug 30 10:57:35 elastic.sys systemd[1]: Unit logstash.service entered failed state.
Aug 30 10:57:35 elastic.sys systemd[1]: logstash.service failed.
Aug 30 10:57:35 elastic.sys systemd[1]: Started logstash.
Aug 30 10:57:35 elastic.sys logstash[12335]: Using bundled JDK: /usr/share/logstash/jdk
Aug 30 10:57:35 elastic.sys logstash[12335]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Aug 30 10:57:43 elastic.sys logstash[12335]: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
Hello sir,
If you have a document on how to secure the ELK stack on CentOS 7, then please provide it to me.
I followed this website step by step and tried multiple times, but I always get an error. Please advise.