Logstash throwing Failed to execute action java.lang.IllegalStateException: error when starting the agent

Hey guys

  • Im trying to push logs from my server to Elasticsearch endpoint through logstash.

  • My server is running a 2016 server OS and the im using a logstash version 7.9.0

  • This is my logstsh.conf file

input {
  file {
    path  => "C:/log/*"
    start_position => "beginning"
filter {
    if [message] =~ /{.*}/ {
        grok { match => { "message" => "(?<[@metadata][json]>({.*}))"} }
        json { source => "[@metadata][json]" remove_field => [ "message" ] }

output {	
  amazon_es {
    hosts => ["************************"]
    region => "*****"
    index => "lgst-server1-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  • when i run this
    c:\logstash\bin\logstash.bat -f c:\logstash\bin\logstash.conf

  • This is the output im getting

Sending Logstash logs to C:/logstash/logs which is now configured via log4j2.properties
[2020-11-27T12:30:27,546][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.9.0", "jruby.version"=>"jruby (2.5.7) 2020-07-01 db01a49ba6 Java HotSpot(TM) 64-Bit Server VM 25.271-b09 on 1.8.0_271-b09 +indy +jit [mswin32-x86_64]"
[2020-11-27T12:30:29,609][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-11-27T12:30:36,843][INFO ][org.reflections.Reflections] Reflections took 109 ms to scan 1 urls, producing 22 keys and 45 values
url template
{:scheme=>"https", :user=>nil, :password=>nil, :host=>"URLTEMPLATE", :port=>443, :path=>nil}
[2020-11-27T12:30:43,577][INFO ][logstash.outputs.amazonelasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[<Domain endpoint>:443/]}}
[2020-11-27T12:30:43,624][INFO ][logstash.outputs.amazonelasticsearch][main] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=><Domain URL>:443/, :path=>"/"}
[2020-11-27T12:30:44,218][ERROR][logstash.agent           ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[2020-11-27T12:30:44,796][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2020-11-27T12:30:49,608][INFO ][logstash.runner          ] Logstash shut down.
[2020-11-27T12:30:49,671][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
  • what am i doing wrong here . Could anyone help me out please.

If you enable log.level debug do you get a more informative error message?

Im sorry, how do i enable that ?

You could edit logstash.yml or add --log.level debug to the command line.

Actually i tried with the logstash version 7.6.2 as my other servers are running this version and it got through with no errors. Still not sure the root cause, but using logstash version 7.6.2 solved my error

Check the file permissions.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.