Logstash not started after change path.logs

Elastic Stack Logstash
1

Hi all!
I am newbie in ES\logstash and etc.
I installed ELK on Windows Server 2022 and if I not change logstash.yml - logstash starting and I got "Starting server on port..."
But if I change section path

log.level: warn
path.logs: c:/Logging/logstash/

Logstash freezes on
[WARN ][logstash.filters.grok ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available

and nothing else happens.
I run it in cmd console as administrator
Thanks in advance!

2

Welcome to the community!

I don't problem is related to ECS. You can use regular backslashes in logstash.yml.

path.logs: c:\Logging\logstash\

Can you provide more details from the log?

3

Thanks for reply
Logstash log

[2024-03-18T18:27:04,149][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2024-03-18T18:27:05,868][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2024-03-18T18:27:05,870][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
[2024-03-18T18:27:05,877][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated

In console output:

"Using bundled JDK: C:\LogSolution\logstash\jdk\bin\java.exe"
C:/LogSolution/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_int
C:/LogSolution/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_f
Sending Logstash logs to c:\Logging\logstash which is now configured via log4j2.properties
[2024-03-18T18:27:04,149][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
C:/LogSolution/logstash/vendor/bundle/jruby/3.1.0/gems/amazing_print-1.5.0/lib/amazing_print/formatter.rb:37: warning: previous definition of cast was here
[2024-03-18T18:27:05,868][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2024-03-18T18:27:05,870][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
[2024-03-18T18:27:05,877][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated
4

You have set to WARN so you will not see INFO events if you want to see INFO events then set to info or take out that setting ...

The starting on port etc... is INFO

1 Like
5

Oops...
Sorry, I've been inattentive.
Thank you!

1 Like
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.