Logstash pipeline starts and then stops with a warning


(elk of the forest) #1

This is the error im getting when I start logstash.

[2017-08-31T18:59:33,010][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2017-08-31T18:59:33,027][INFO ][logstash.pipeline ] Pipeline main started
[2017-08-31T18:59:34,041][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2017-08-31T18:59:37,031][WARN ][logstash.agent ] stopping pipeline {:id=>"main"}

Can anyone please explain to me what this means?


(Magnus Bäck) #2

Please show your configuration files.


(elk of the forest) #3

The are my logstash configuration files.

input {
beats {
port => 5044
ssl => true
ssl_certificate => "/data/sw/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/data/sw/pki/tls/private/logstash-forwarder.key"
}
}

filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}

output {
elasticsearch {
hosts => ["localhost:9200"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}


(elk of the forest) #4

If anyone could please help me that would be great thank you!


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.