Logstash won't show output on console

Anindita_Chavan · January 14, 2020, 7:38am

This is my logstash configuration file:
<
input {
file {
path => "/home/trimslogs/trims.log"
sincedb_path => "NUL"
ignore_older => 0
}
}

filter {
grok {
match => { "message" => "([(?%{YEAR}-%{MONTHNUM}-%{MONTHDAY:day} %{TIME:time})])([%{LOGLEVEL:type}])([%{USERNAME:application}])([%{IPV4:ip}])([%{HOSTNAME:hostname}])([%{HOSTNAME:class}])([%{USERNAME:method}])([%{BASE10NUM:linenumber}])([null])([null])([Thread[%{GREEDYDATA:threadname}]])([(?%{YEAR}-%{MONTHNUM}-%{MONTHDAY:day} %{TIME:time})])([(?%{YEAR}-%{MONTHNUM}-%{MONTHDAY:day} %{TIME:time})])([%{GREEDYDATA:threadname1}])([%{GREEDYDATA:error_message}])()()()()()()()()()()"}
}

}

output {
stdout { codec => rubydebug }
}

/>
When i run logstash, it won't give me output on console and remains stuck on
[INFO ] 2020-01-14 02:37:55.184 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

Kishorekolla · January 14, 2020, 8:52am

Since you are using linux, which your path suggests. Try changing sincedb_path => "/dev/null"

Anindita_Chavan · January 14, 2020, 9:00am

Hello Kishore,
Thank You for the answer. However, I'm still facing the same issue. When I ran it one time before, it worked. When I tried to run it again, it remained stuck at successfully started logstash API endpoint

Kishorekolla · January 14, 2020, 9:18am

Remove the ignore_older => 0 and try.

Anindita_Chavan · January 14, 2020, 9:30am

Thank You so much Kishore, it worked.

Kishorekolla · January 14, 2020, 10:49am

Your welcome.

Anindita_Chavan · January 14, 2020, 10:52am

Also, can you also tell me if there is some way to figure out where your grok filter is going wrong?
I ran my filter on the grok debugger here https://grokdebug.herokuapp.com/ which seems to be running fine. However, when I try to run the configuration file, I'm getting grokparsefailure

Badger · January 14, 2020, 2:48pm

My advice on debugging grok patterns can be found here.

In filebeat setting ignore_older to zero means to include everything. In logstash, setting ignore_older to zero means to exclude everything more than zero seconds old, which usually excludes everything.

Anindita_Chavan · January 14, 2020, 5:40pm

Thankyou! The explanation really helped because I’m going to configure filebeat next. I will also checkout the grok debug link. Thanks a ton.

system · February 11, 2020, 5:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
LogStash not showing output on console Logstash	2	489	October 8, 2020
Nothing outputting at all Logstash	2	389	June 19, 2017
Logstash not showing output Logstash	6	884	April 29, 2019
Logstash not show any output (again) Logstash	13	3198	July 6, 2017
Logstash not show any output Logstash	16	9682	July 6, 2017

Logstash won't show output on console

Related Topics