I am using logstash to store and analyze logs of an web application.
But some reason logstash keep failing to send data to elasticsearch.
The error message says "cannot create pipeline".
13 [2017-06-07T05:56:36,815][WARN ][logstash.shutdownwatcher ] {"inflight_count"=>0, "stalling_thread_info"=>{"other"=>[{"thread_id"=>27, "name"=>"[main]<beats", "current_call"=>"[...]/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.12-java/lib/logstash/inputs/beats.rb:213:in `run'"}, {"thread_id"=>22, "name"=>"[main]>worker0", "current_call"=>"[...]/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:136:in `synchronize'"}, {"thread_id"=>23, "name"=>"[main]>worker1", "current_call"=>"[...]/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:118:in `synchronize'"}, {"thread_id"=>24, "name"=>"[main]>worker2", "current_call"=>"[...]/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:118:in `synchronize'"}, {"thread_id"=>25, "name"=>"[main]>worker3", "current_call"=>"[...]/logstash-core/lib/logstash/util/wrapped_synchronous_queue.rb:136:in `synchronize'"}]}}
14 [2017-06-07T05:56:36,816][ERROR][logstash.shutdownwatcher ] The shutdown process appears to be stalled due to busy or blocked plugins. Check the logs for more information.
15 [2017-06-07T05:56:43,985][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Expected one of #, => at line 13, column 12 (byte 149) after output {\n elasticsearch {\n host => [\"localhost:9200\"]\n stdout "}
However, I do not see what makes it fail.
Follow is my configuration for logstash
input {
file {
path => "/etc/logstash/logs/log*.json"
}
}
filter {
}
output {
elasticsearch {
host => ["localhost:9200"]
stdout { codec : rubydebug }
index => "logstash"
}
}
I thought logstash will read log*.json files and send it to elasticsearch, it did not.
What should I do to fix this pipe?
FYI, I am using sebp/elk docker image to do this. So all elk are in the same container.