Logstash.stdout

pierrejnelson · March 22, 2016, 7:54pm

Would anyone happen to know what makes this file. I need to move it to where I have all my space but I can't seem to find it.

magnusbaeck · March 22, 2016, 8:47pm

A correctly configured Logstash should produce a very small /var/log/logstash.stdout. Have a look in your init script. The init scripts that ship with Logstash's RPM and Debian packages lets the newly started Logstash daemon write to logstash.stdout until it switches over to its own log file.

pierrejnelson · March 22, 2016, 9:45pm

I found where to change it at but this how big this has gotten in an hour

corp-netlog-live01:/data/log/logstash # ls -ltrh
total 1.7G
-rw-r--r-- 1 root root 0 Mar 22 15:40 logstash.err
-rw-r--r-- 1 logstash logstash 799K Mar 22 16:30 logstash.log
-rw-r--r-- 1 root root 1.7G Mar 22 16:44 logstash.stdout

warkolm · March 22, 2016, 10:26pm

Have a look at it, what's in there?

pierrejnelson · March 23, 2016, 12:31pm

corp-netlog-live01:/data/log/logstash # ls -ltrh
total 15G
-rw-r--r-- 1 root root 0 Mar 22 15:40 logstash.err
-rw-r--r-- 1 logstash logstash 3.0M Mar 23 07:22 logstash.log
-rw-r--r-- 1 root root 15G Mar 23 07:28 logstash.stdout

This is what I seen in there.

{
"message" => [
[0] "Mar 23 07:30:26 xxx.xxx.xxx.xxx %FWSM-6-303002: xxx.xxx.xxx.xxx Retrieved xxx.xxx.xxx.xxx20160221",
[1] " xxx.xxx.xxx.xxx Retrieved xxx.xxx.xxx.xxx:20160221"
],
"@version" => "1",
"@timestamp" => "2016-03-23T12:30:26.000Z",
"type" => "syslog",
"file" => "/var/log/remote/full-feed/full-feed.log",
"host" => "#########",
"offset" => "2733054399",
"timestamp" => "Mar 23 07:30:26",
"logsource" => "xx.xx.xx.xx",
"program" => "%FWSM-6-303002"
}

corp-netlog-live01:/data/log/logstash # tail -5 logstash.log
{:timestamp=>"2016-03-23T07:32:51.525000-0500", :message=>"retrying failed action with response code: 429", :level=>:warn}
{:timestamp=>"2016-03-23T07:32:51.526000-0500", :message=>"retrying failed action with response code: 429", :level=>:warn}
{:timestamp=>"2016-03-23T07:32:51.526000-0500", :message=>"retrying failed action with response code: 429", :level=>:warn}
{:timestamp=>"2016-03-23T07:32:51.527000-0500", :message=>"retrying failed action with response code: 429", :level=>:warn}
{:timestamp=>"2016-03-23T07:32:51.527000-0500", :message=>"retrying failed action with response code: 429", :level=>:warn}

magnusbaeck · March 23, 2016, 1:48pm

It looks like you have a stdout { codec => rubydebug } output in your configuration. Perhaps you should remove it.

pierrejnelson · March 23, 2016, 1:51pm

That fixed it

Sending logstash logs to /data/log/logstash/logstash.log.

Thank you so much for your help.

Topic		Replies	Views
Why do logstash's internal logs and stdout end up in /var/log/messages? Logstash	3	9501	June 1, 2019
Why logstash.err and logstash.stdout are created with root privileges? Logstash	3	1511	July 6, 2017
Std out without output configured Logstash	3	474	July 6, 2017
Logstash Output Not Working For File Input Logstash	6	3244	July 6, 2017
Where is logstash.stdout for v5.2? Logstash	3	988	April 6, 2017

Logstash.stdout

Related topics