Logstash Pipeline Main Started, yet no output

Rohit_Shukla · July 13, 2016, 6:10am

Hi,
Yesterday I was able to read the file sent it to Elasticsearch and view it in Kibana using below config:

input {
    file {
        path => "C:/ELK/logstash/bin/data/TestSysData"
        start_position => beginning 
    }
}

filter {
  multiline {
        pattern => "^\A%{SYSLOG5424SD}"
        negate => true
        what => previous
  }
  grok{
         match => { "message" => "\A%{JAVALOGMESSAGE}"}
  }
}

output {
  stdout { codec => rubydebug }
}

Today I tried to ran the same config again to read older as well as newer file - all i get is "Pipeline main started" and nothing happens.
Things I already tried:

setting ignore_older and sincedb_path => "NUL" in input.
manually pressing ENTER at end of log file so logstash gets the file end (lot if online resources talked about this)

This worked flawless since I started learning logstash a week ago but this abrupt break is derailing me.

magnusbaeck · July 13, 2016, 6:12am

Increase logging verbosity by starting Logstash with --verbose or even --debug will provide clues.

Rohit_Shukla · July 13, 2016, 6:40am

Well, -v or -verbose were not helpful

But in vis --debug I saw few line kept repeating itself
←[36mPushing flush onto pipeline {:level=>:debug, :file=>"/ELK/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.3-java/lib/logstash/pipeline.rb", :line=>"458", :method=>"flush"}←[0m
←[36mPushing flush onto pipeline {:level=>:debug, :file=>"/ELK/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.3-java/lib/logstash/pipeline.rb", :line=>"458", :method=>"flush"}←[0m
←[36mPushing flush onto pipeline {:level=>:debug, :file=>"/ELK/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.3.3-java/lib/logstash/pipeline.rb", :line=>"458", :method=>"flush"}←[0m
←[36m_globbed_files: C:/ELK/logstash/bin/data/new5.log: glob is: [] {:level=>:debug, :file=>"/ELK/logstash/vendor/bundle/jruby/1.9/gems/filewatch-0.8.1/lib/filewatch/watch.rb", :line=>"346", :method
=>"_globbed_files"}←[0m

entire debug info here:
Doc

magnusbaeck · July 13, 2016, 7:18am

_globbed_files: C:/ELK/logstash/bin/data/new5.log: glob is: [] {:level=>:debug, :file=>"/ELK/logstash/vendor/bundle/jruby/1.9/gems/filewatch-0.8.1/lib/filewatch/watch.rb", :line=>"346", :method =>"_globbed_files"}

Logstash doesn't think C:/ELK/logstash/bin/data/new5.log exists. Either that's the case or lack of permissions is stopping Logstash from accessing one of the directories leading up to the file.

Rohit_Shukla · July 13, 2016, 9:09am

Oh that is so silly of me.

I messed up the file extension name. Fixed and working as before,

Thanks