Logstash not show any output

Elastic Stack Logstash
1

Hi there,
i have LS and ES are runing,but there is nothing printed in ES or LS.
this is pipeline config.

input {
file {
path => "access_log.txt"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
output {
elasticsearch {
hosts =>"localhost:9200"
}
stdout { codec => rubydebug }
}
My question is how can see the content of the file parsed.
thank you for your help

2

Try out just only debug part:

input {
     file {
          path => "access_log.txt"
     }
}
filter {
      grok {
          match => { "message" => "%{COMBINEDAPACHELOG}" }
     }
}
output {
    stdout { codec => rubydebug }
}

If still no output, remove filter, it mean something is wrong with filter and nothing match.

pts0

3

Thank you @pts0 for your answer,i removed filter but i still get nothing.
note : i have those messages on:
logstash host : localhost:9600

host: "user",
version: "5.4.0",
http_address: "127.0.0.1:9600",
id: "03de77c0-a3be-4ff8-b77a-4c37686d4165",
name: "user",
build_date: "2017-04-28T18:14:40Z",
build_sha: "0037bc8cf2e9ff169bf5a08b1946c62dbeb92f9b",
build_snapshot: false

elasticsearch host:localhost:9200

name: "node1",
cluster_name: "elasticsearch",
cluster_uuid: "kKbMy9_LRw-CcELir6KcFQ",
version: {
number: "5.4.0",
build_hash: "780f8c4",
build_date: "2017-04-28T17:43:27.229Z",
build_snapshot: false,
lucene_version: "6.5.0"
},
tagline: "You Know, for Search"

I am grateful for your help.

4

Hi,
I have a similar problem, I'm trying to debug one of my logstash inputs by sending the output using "stdout" plugin. This is not working. The logstash log remains unchanged and there are no additional logs in the directory.

Any help, Elastic?

5

when i was using it was working, but is quite a while.

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-stdout.html

maybe try plain sdtout, you may miss ruby library or somethis similar.

Can you start logstash in with high debug mode ?
bin/logstash --debug --log.level trace --config.debug
just to try, not in production

6

when i start the debug,i get those errors:

ERROR Unable to create file ${sys:ls.logs}/logstash-${sys:ls.log.format}.log java.io.IOException: La syntaxe du nom de fichier, de répertoire ou de volume est incorrecte

and in the end
No configuration file was specified. Perhaps you forgot to provide the '-f yourlogstash.conf' flag?
usage:
bin/logstash -f CONFIG_PATH [-t] [-r] [] [-w COUNT] [-l LOG]
bin/logstash -e CONFIG_STR [-t] [--log.level fatal|error|warn|info|debug|trace] [-w COUNT] [-l LOG]
bin/logstash -i SHELL [--log.level fatal|error|warn|info|debug|trace]
bin/logstash -V [--log.level fatal|error|warn|info|debug|trace]
bin/logstash --help

7

sure, i just provided the debug flags, please provide all others

8

i start this commande,i see only errors concerned log4j like this:

ERROR Unable to invoke factory method in class class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile. java.

please help.

9

where did you started it ? What your log4j config ... did u hv one ?

10

i starded it from commande line.i have no log4j.i think just the one which is embeded in logsatsh by default.

11

ok, was the wrong question, I mean in which directory are you and what is the command live u use to start.

12

i am in bin directory,i use the command:

logstash -f pipeline.conf --config.reload.automatic

13

is the file pipeline.conf in bin directory ? If not you should give the full qualified path oder relative to where you are (you probably don't need autorelad now).

14

Thank you verry much.its works now with

 input {
    beats {
       port => "5043"
    }
}

but doesn't work with

input {
     file {
          path => "access_log.txt"
     }
}
15

Probably same problem, file should be with full path, if not is not found.

16

Yes,it is possible.Thank you for your Joinability.

17

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.