I've been reading many posts about adjusting /etc/sysconfig/logstash or /etc/init.d/logstash files for some settings.
I can't find any of those files in any of those directories. When I start Logstash it works. Moreso, I can't stop it. funny right? Every time I issue stop command it continues to send logs. I was working on logstash.conf and ended up deleting the file. What do I see in Kibana?! Logs just as they've been before I made any changes. Even after I kill all of the Logstash processes, it is still there.
Can anyone suggest why I don't find those files? And what is up with Logstash?!
I installed it on RHEL 6 using repository (sudo install..) not via rpm package
.
When I start it I do "sudo initctl start logstash". It starts but no logs parsed to elasticsearch. And log files in /var/log are empty.
When I do "sudo /bin/logstash -f /etc/logstash/conf.d/logstash.conf" it starts and I see logs coming in.
I tried to configure it for autostart and it wouldn't work. Seems that the only way to start it is by issuing g above command "sudo /bin/logstash..."
That's when it keeps sending logs even when I issue "sudo initctl stop logstash" or if I kill the process.
I'm a bit confused. And I couldn't find the sysconfig file or one in init.d. I see ones for elasticsearch but not logstash. I tried to set logs to verbose.
I created new test vm using RHEL 7 and installed ELK stack again following the documentation. I'm experiencing the same issue. Logstash starts but I can't locate those files.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.