I started Logstash(version 5.2) as service in ubuntu 14.04.When I check Logstash status, it is showing as running.But no messages are appended in Logstash log file(/var/log/logstash/logstash-plain.log saying that it is started, nor it processes events.When I uninstalled Logstash package and reinstalled the same, it worked initially then it shows the same behaviour .Could any one please help me on this.
Providing your config would be helpful 
In my 'logstash.yml' I have '/etc/logstash/conf.d' as value for path.config parameter and I have single configuration file in conf.d directory.I appended a '' to make it '/etc/logstash/conf.d/'.Still it is not working.I don't understand why it worked first time after reinstallation.
My configuration is :
input {
udp {
port => "2048"
codec => multiline {
pattern => "^["
negate => true
what => previous
}
}
}
filter {
mutate {
gsub => ["message","\n"," "]
}
grok {
match => {"message"=>"[**]%{IP:host} %{WORD:name} %{WORD:place} %{NUMBER:pincode}"}
}
}
output {
stdout {codec => json}
}
You really don't want to use the multiline codec with the udp input. Move the multiline processing closer to the source.
With your configuration, message #1 won't be processed until Logstash sees the beginning of message #2. This might be why you're not seeing anything.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.