I am trying to config and run logstash for which I ran this command - sudo bin/logstash -e 'input { stdin {} } output { elasticsearch { hosts => [192.168.0.12:9200"] }}'
It ran and gave me this output.
Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2019-09-23 13:56:54.175 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-09-23 13:56:54.199 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"7.3.2"}
[ERROR] 2019-09-23 13:56:56.105 [Converge PipelineAction::Create] agent - Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, ,, ] at line 1, column 62 (byte 62) after output { elasticsearch { hosts => [192.168", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2577:inmap'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:151:ininitialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:24:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:325:inblock in converge_state'"]}
[INFO ] 2019-09-23 13:56:56.579 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2019-09-23 13:57:01.522 [LogStash::Runner] runner - Logstash shut down.
Before I could test the logstash service by writing Hello, this is Mehak after the message [INFO ] 2019-09-23 13:56:56.579 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}, it stopped within seconds. Please guide me here as I am very new to this setup.
Thanks, fixed that.
I am concerned about the correct file placements in folders.
And now I am getting this repetitive warning-
Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2019-09-23 14:29:08.648 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2019-09-23 14:29:08.669 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"7.3.2"}
[INFO ] 2019-09-23 14:29:12.109 [Converge PipelineAction::Create] Reflections - Reflections took 215 ms to scan 1 urls, producing 19 keys and 39 values
[INFO ] 2019-09-23 14:29:14.319 [[main]-pipeline-manager] elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://192.168.0.12:9200/]}}
[WARN ] 2019-09-23 14:29:24.609 [[main]-pipeline-manager] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.0.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.0.12:9200/][Manticore::ConnectTimeout] connect timed out"}
[INFO ] 2019-09-23 14:29:24.671 [[main]-pipeline-manager] elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.0.12:9200"]}
[WARN ] 2019-09-23 14:29:24.900 [[main]-pipeline-manager] LazyDelegatingGauge - A gauge metric of an unknown type (org.jruby.RubyArray) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[INFO ] 2019-09-23 14:29:24.904 [[main]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>3, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>375, :thread=>"#<Thread:0x72d96476 run>"}
[INFO ] 2019-09-23 14:29:25.177 [[main]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[INFO ] 2019-09-23 14:29:25.403 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[INFO ] 2019-09-23 14:29:26.347 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
This is Logstash[WARN ] 2019-09-23 14:29:39.714 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.0.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.0.12:9200/][Manticore::ConnectTimeout] connect timed out"}
on[WARN ] 2019-09-23 14:29:50.735 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.0.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.0.12:9200/][Manticore::ConnectTimeout] connect timed out"}
[WARN ] 2019-09-23 14:30:01.753 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.0.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.0.12:9200/][Manticore::ConnectTimeout] connect timed out"}
[WARN ] 2019-09-23 14:30:12.776 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.0.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.0.12:9200/][Manticore::ConnectTimeout] connect timed out"}
This is Logstash
[WARN ] 2019-09-23 14:30:23.793 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.0.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.0.12:9200/][Manticore::ConnectTimeout] connect timed out"}
They are all running at localhost:9200 so I changed it in command as well which gave me this output-
[INFO ] 2019-09-23 14:55:58.251 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[INFO ] 2019-09-23 14:55:59.055 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2019-09-23 14:55:59.219 [Ruby-0-Thread-5: :1] elasticsearch - Creating rollover alias <logstash-{now/d}-000001>
[INFO ] 2019-09-23 14:56:00.404 [Ruby-0-Thread-5: :1] elasticsearch - Installing ILM policy {"policy"=>{"phases"=>{"hot"=>{"actions"=>{"rollover"=>{"max_size"=>"50gb", "max_age"=>"30d"}}}}}} to _ilm/policy/logstash-policy
I searched the http://localhost:9200/logstash-*/_search on Postman and got result as below-
{
"took": 104,
"timed_out": false,
"_shards": {
"total": 1,
"successful": 1,
"skipped": 0,
"failed": 0
},
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 1.0,
"hits": [
{
"_index": "logstash-2019.09.23-000001",
"_type": "_doc",
"_id": "1PSMX20BoEav-QC8yH-l",
"_score": 1.0,
"_source": {
"@version": "1",
"host": "osboxes",
"message": "This is Logstahs",
"@timestamp": "2019-09-23T19:15:24.205Z"
}
}
]
}
}
Does this mean my logstash is configured and running?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.