Logstash pipeline starts and then stops with a warning

elk_of_the_forest · September 1, 2017, 2:01am

This is the error im getting when I start logstash.

[2017-08-31T18:59:33,010][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2017-08-31T18:59:33,027][INFO ][logstash.pipeline ] Pipeline main started
[2017-08-31T18:59:34,041][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2017-08-31T18:59:37,031][WARN ][logstash.agent ] stopping pipeline {:id=>"main"}

Can anyone please explain to me what this means?

magnusbaeck · September 1, 2017, 5:15am

Please show your configuration files.

elk_of_the_forest · September 1, 2017, 9:48pm

The are my logstash configuration files.

input {
beats {
port => 5044
ssl => true
ssl_certificate => "/data/sw/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/data/sw/pki/tls/private/logstash-forwarder.key"
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

elk_of_the_forest · September 2, 2017, 2:03am

If anyone could please help me that would be great thank you!

system · September 30, 2017, 2:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.