Hi there, i'm having issues with a recent configuration on my logstash and i can't understand why it's not working.
I have multiple configuration files running, and working. This one was working also as of a week ago, but we changed the source IP that was sending the logs, that is all, so we updated the filter in our configuration file and nothing is showinf anymore.
Pretty basic configuration, please ignore the "..." under kafka, that is working i just removed it here for clarity.
If i do a tcpdump on the port we receive the logs, the server is listeneing on the port on udp, but i never see anything via the stdout and i can't understand why. Any ideas please?
but we changed the source IP that was sending the logs, that is all, so we updated the filter in our configuration file and nothing is showinf anymore.
Most likely a firewall issue. LS doesn't filter anything which arrive to the port 10000.
Is tcpdump on the same host where is LS?
Is the UDP port 10000 correct?
Can you check did LS start listener on port 10000? by netstat and also should be visible in LS log.
You must have some trace, something is not OK.
input is simple, filter is empty, output shows rubydebug ... simpliest cannot be.
The firewall can block the traffic, if you change source address and rules were set like that.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.