Logstash throwing Failed to execute action java.lang.IllegalStateException: error when starting the agent

Rahul_Ravichandran · November 27, 2020, 12:43pm

Hey guys

Im trying to push logs from my server to Elasticsearch endpoint through logstash.
My server is running a 2016 server OS and the im using a logstash version 7.9.0
This is my logstsh.conf file

input {
  file {
    path  => "C:/log/*"
    start_position => "beginning"
  }
}
filter {
    if [message] =~ /{.*}/ {
        grok { match => { "message" => "(?<[@metadata][json]>({.*}))"} }
        json { source => "[@metadata][json]" remove_field => [ "message" ] }
    }
}

output {	
  amazon_es {
    hosts => ["************************"]
    region => "*****"
    index => "lgst-server1-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}

when i run this
c:\logstash\bin\logstash.bat -f c:\logstash\bin\logstash.conf
This is the output im getting

Sending Logstash logs to C:/logstash/logs which is now configured via log4j2.properties
[2020-11-27T12:30:27,546][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.9.0", "jruby.version"=>"jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 Java HotSpot(TM) 64-Bit Server VM 25.271-b09 on 1.8.0_271-b09 +indy +jit [mswin32-x86_64]"
[2020-11-27T12:30:29,609][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-11-27T12:30:36,843][INFO ][org.reflections.Reflections] Reflections took 109 ms to scan 1 urls, producing 22 keys and 45 values
url template
{:scheme=>"https", :user=>nil, :password=>nil, :host=>"URLTEMPLATE", :port=>443, :path=>nil}
[2020-11-27T12:30:43,577][INFO ][logstash.outputs.amazonelasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[<Domain endpoint>:443/]}}
[2020-11-27T12:30:43,624][INFO ][logstash.outputs.amazonelasticsearch][main] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=><Domain URL>:443/, :path=>"/"}
[2020-11-27T12:30:44,218][ERROR][logstash.agent           ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[2020-11-27T12:30:44,796][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2020-11-27T12:30:49,608][INFO ][logstash.runner          ] Logstash shut down.
[2020-11-27T12:30:49,671][ERROR][org.logstash.Logstash    ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit

what am i doing wrong here . Could anyone help me out please.

Badger · November 27, 2020, 1:45pm

If you enable log.level debug do you get a more informative error message?

Rahul_Ravichandran · November 27, 2020, 2:45pm

Im sorry, how do i enable that ?

Badger · November 27, 2020, 2:48pm

You could edit logstash.yml or add --log.level debug to the command line.

Rahul_Ravichandran · November 27, 2020, 3:38pm

Actually i tried with the logstash version 7.6.2 as my other servers are running this version and it got through with no errors. Still not sure the root cause, but using logstash version 7.6.2 solved my error

PraveenKT · November 27, 2020, 4:41pm

Check the file permissions.

system · December 25, 2020, 4:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.