Hello,
I have created a rather complex Logstash config using various plugins.
I have noticed that Logstash normally produces the following entries in /var/log/logstash/logstash-plain.log:
[2017-03-24T20:01:05,639][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>250} [2017-03-24T20:01:05,643][INFO ][logstash.pipeline ] Pipeline main started
[2017-03-24T20:01:05,713][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
Nevertheless, there are cases where Logstash seems not to be able to start a pipeline and keeps retrying (i.e. logs are starting over).
In those cases the first two entries mentioned above (in bold) are completely missing.
No errors are logged, therefore I cannot understand what the issue mught be.
Any help?
Hi! I am using Ubuntu 14.04 version vm and have installed Elasticsearch 5.2.2 and Logstash 5.2.2.
I used https://www.elastic.co/guide/en/logstash/current/installing-logstash.html to install logstash using apt-get.
I have started elasticsearch and logstash as service but when I try to run ./logstash "Pipeline main started" isnt appearing in the console. When I check /var/logs/logstash/logstash.err I am not able to see any logs. My default Logstash directory is not /opt/logstash. It is /usr/share/logstash. Not able to find what am I doing wrong. Sorry but I am new to ELK and I might be missing something obvious. Please help.
You can verify your config as such:
--config.debug
Show the fully compiled configuration as a debug log message (you must also have --log.level=debug enabled). WARNING: The log message will include any password options passed to plugin configs as plaintext, and may result in plaintext passwords appearing in your logs!
... and see what it tells you. You can add -l <log_file> to capture the output in a log file and just "tail -f" the log file.
Post your output if you continue to have issues or if you remove the pipeline.max_inflight argument from your startup script and it resolves the issue, feel free to post as well
@suyograo : I'm using Logstash 5.2.1 under CentOS 7. There is no *.err log file generated though; all output is logged under /var/log/logstash/logstash-plain.log
@laangarita : I am worried about the pipeline.max_inflight mentioned in the logs as well. Nevertheless, I am using the default logstash.yml and there is no explicit specification of this flag.
Anyway, I have enabled the debug parameter and logs are getting temporarily stuck at:
This pipeline from the link assumes that you have data being sent to your logstash instance to get some sort of output. Have you tried adding the --debg flag to your command? If so, do you get anything?
The issue was due to an extra parenthesis in the code part of the Aggregate filter plugin.
I am wondering why I never got a syntax error during startup.
I suggest @raorashmi to also perform a syntax check in any ruby code she might be using.
In the meantime, anyone having access could file a report for investigating why the Aggregate filter plugin either does not perform Ruby syntax check or suppresses the error
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.