Logstash not started after change path.logs

Exdar · March 18, 2024, 2:35pm

Hi all!
I am newbie in ES\logstash and etc.
I installed ELK on Windows Server 2022 and if I not change logstash.yml - logstash starting and I got "Starting server on port..."
But if I change section path

log.level: warn
path.logs: c:/Logging/logstash/

Logstash freezes on
[WARN ][logstash.filters.grok ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available

and nothing else happens.
I run it in cmd console as administrator
Thanks in advance!

Rios · March 18, 2024, 3:02pm

Welcome to the community!

I don't problem is related to ECS. You can use regular backslashes in logstash.yml.

path.logs: c:\Logging\logstash\

Can you provide more details from the log?

Exdar · March 18, 2024, 3:29pm

Thanks for reply
Logstash log

[2024-03-18T18:27:04,149][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2024-03-18T18:27:05,868][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2024-03-18T18:27:05,870][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
[2024-03-18T18:27:05,877][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated

In console output:

"Using bundled JDK: C:\LogSolution\logstash\jdk\bin\java.exe"
C:/LogSolution/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_int
C:/LogSolution/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_f
Sending Logstash logs to c:\Logging\logstash which is now configured via log4j2.properties
[2024-03-18T18:27:04,149][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
C:/LogSolution/logstash/vendor/bundle/jruby/3.1.0/gems/amazing_print-1.5.0/lib/amazing_print/formatter.rb:37: warning: previous definition of cast was here
[2024-03-18T18:27:05,868][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@localhost:9200/"}
[2024-03-18T18:27:05,870][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
[2024-03-18T18:27:05,877][WARN ][logstash.filters.grok    ][main] ECS v8 support is a preview of the unreleased ECS v8, and uses the v1 patterns. When Version 8 of the Elastic Common Schema becomes available, this plugin will need to be updated

stephenb · March 18, 2024, 3:35pm

You have set to WARN so you will not see INFO events if you want to see INFO events then set to info or take out that setting ...

The starting on port etc... is INFO

Exdar · March 18, 2024, 3:43pm

Oops...
Sorry, I've been inattentive.
Thank you!

system · April 15, 2024, 3:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.