Logstash Not Running, keep restarting

Hi all, I am facing with this issue that my logstash keep restarting.

How do I troubleshoot this? Installing logstash on /usr/share/ is it correct? rather than /etc/?

 logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2019-10-21 10:40:45 +08; 10s ago
 Main PID: 3115 (java)
    Tasks: 28
   Memory: 826.6M
      CPU: 47.468s
   CGroup: /system.slice/logstash.service
           └─3115 /usr/bin/java -Xms8g -Xmx8g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=tru

# Stopped logstash.
# Started logstash.
#Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in
#WARNING: An illegal reflective access operation has occurred
#WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/logstash/logstash-core/lib/jars/jru
#WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
#WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
#WARNING: All illegal access operations will be denied in a future release

Hi can I run the Wazuh-monitoring data collecting NOT using logstash? I notice this unstable process will cause issue for us. Thanks

Does your servive manager include a healthcheck that assumes logstash will be responsive immediately after it starts?

Hi can you clarify on this? How can I achieve that, kindly guide me.

My current setup:
Elasticsearch - 7.3.2
Kibana - 7.1.1
Logstash - 7.3.1
Filebeat - 7.3.2

Can these be compatible ?

Some error found when running Filebeat too

May I know is it because my nginx logs got not enough info to display the dashboard?

What has been collected in the .access file.
"GET /lta/image/ HTTP/1.1" 200 1866 "https://web.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"

Hi all, I am getting this error and logstash keep restarting.

 logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2019-11-13 16:20:46 +08; 9s ago
 Main PID: 1290 (java)
    Tasks: 29
   Memory: 935.3M
      CPU: 43.086s
   CGroup: /system.slice/logstash.service
           └─1290 /usr/bin/java -Xms8g -Xmx8g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=

Nov 13 16:20:46 eta10 systemd[1]: Started logstash.
Nov 13 16:20:47 eta10 logstash[1290]: Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed
Nov 13 16:20:48 eta10 logstash[1290]: WARNING: An illegal reflective access operation has occurred
Nov 13 16:20:48 eta10 logstash[1290]: WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/logstash/logstash-core/lib/jars/
Nov 13 16:20:48 eta10 logstash[1290]: WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
Nov 13 16:20:48 eta10 logstash[1290]: WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
Nov 13 16:20:48 eta10 logstash[1290]: WARNING: All illegal access operations will be denied in a future release

Hi all, I have this on my "startup.options" file settings. But I run into this

No config files found in path {:path=>"/usr/share/logstash/conf.d"}

# Set a home directory
# LS_HOME=/usr/share/logstash/
LS_HOME=/etc/logstash

# logstash settings directory, the path which contains logstash.yml
# LS_SETTINGS_DIR=/usr/share/logstash/
LS_SETTINGS_DIR=/etc/logstash

# Arguments to pass to logstash
LS_OPTS="--path.settings ${LS_SETTINGS_DIR}"

# Arguments to pass to java
LS_JAVA_OPTS=""

# pidfiles aren't used the same way for upstart and systemd; this is for sysv users.
LS_PIDFILE=/var/run/logstash.pid

# user and group id to be invoked as
LS_USER=logstash
LS_GROUP=logstash

# Enable GC logging by uncommenting the appropriate lines in the GC logging
# section in jvm.options
LS_GC_LOG_FILE=/var/log/logstash/gc.log

# Open file limit
LS_OPEN_FILES=16384

# Nice level
LS_NICE=19

SERVICE_NAME="logstash"
SERVICE_DESCRIPTION="logstash"

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.