Logstash stopped processing because of an error

I have followed solutions to similar topics, but none of the solutions seem to be working for my case. I have tried numerous solutions but the results when i tail logstash-plain.log is always the same which is like below.

  • logstash-plain.log
2024-04-23T09:10:51,774][INFO ][logstash.runner          ] Log4j configuration path used is: /etc/logstash/log4j2.properties
[2024-04-23T09:10:51,780][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"8.13.2", "jruby.version"=>"jruby 9.4.5.0 (3.1.4) 2023-11-02 1abae2700f OpenJDK 64-Bit Server VM 17.0.10+7 on 17.0.10+7 +indy +jit [x86_64-linux]"}
[2024-04-23T09:10:51,786][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xms2g, -Xmx2g, -Djava.io.tmpdir=/opt/logstash_tmp, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED, -Dio.netty.allocator.maxOrder=11]
[2024-04-23T09:10:51,799][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
        at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:808) ~[jruby.jar:?]
        at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:767) ~[jruby.jar:?]
        at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:90) ~[?:?]
  • config
Using bundled JDK: /usr/share/logstash/jdk
/usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_int
/usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_f
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2024-04-23 09:17:39.730 [main] runner - NOTICE: Running Logstash as superuser is not recommended and won't be allowed in the future. Set 'allow_superuser' to 'false' to avoid startup errors in future releases.
[INFO ] 2024-04-23 09:17:39.762 [main] runner - Starting Logstash {"logstash.version"=>"8.13.2", "jruby.version"=>"jruby 9.4.5.0 (3.1.4) 2023-11-02 1abae2700f OpenJDK 64-Bit Server VM 17.0.10+7 on 17.0.10+7 +indy +jit [x86_64-linux]"}
[INFO ] 2024-04-23 09:17:39.768 [main] runner - JVM bootstrap flags: [-Xms2g, -Xmx2g, -Djava.io.tmpdir=/opt/logstash_tmp, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED, -Dio.netty.allocator.maxOrder=11]
[WARN ] 2024-04-23 09:17:40.316 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2024-04-23 09:17:40.322 [LogStash::Runner] configpathloader - No config files found in path {:path=>"/etc/logstash/logstash-its.conf"}
[ERROR] 2024-04-23 09:17:40.323 [LogStash::Runner] sourceloader - No configuration found in the configured sources.
Configuration OK
[INFO ] 2024-04-23 09:17:40.324 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
  • conf file
input {
  beats {
    port => 5044
  }
}

filter {
  grok {
    match => {
      "message" => [%{TIMESTAMP_ISO8601:timestamp} status (?:\"%{WORD:action}\") (?:\"%{WORD:package}\") (?:\"%{VERSION:version}\")]
    }
  }
}

output {
  elasticsearch {
    hosts => "https://elasticsearch:9200"
    index => "filebeat-test-%{+YYYY.MM.dd}"
    # user => "elastic"
    # password => "*******"
    #cacert => ""
    ssl => true
    ssl_certificate_verification => false

  }
}
  • pipelines.yml
- pipeline.id: main
  path.config: "/etc/logstash/conf.d/dpkg.conf"

That is being ignored

[LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified

You are somehow setting path.config to /etc/logstash/logstash-its.conf, and that is either empty or does not exist.

[LogStash::Runner] configpathloader - No config files found in path {:path=>"/etc/logstash/logstash-its.conf"}

It is rather strange that running logstash -t -f will result in Configuration OK when the configuration file cannot be read!

Or there are wrong permission/ownership on logstash-its.conf

1 Like

yes, i have changed the conf file name to the one i have. it is running now.