Logstash won't show output on console

Anindita_Chavan · January 14, 2020, 7:38am

This is my logstash configuration file:
<
input {
file {
path => "/home/trimslogs/trims.log"
sincedb_path => "NUL"
ignore_older => 0
}
}

filter {
grok {
match => { "message" => "([(?%{YEAR}-%{MONTHNUM}-%{MONTHDAY:day} %{TIME:time})])([%{LOGLEVEL:type}])([%{USERNAME:application}])([%{IPV4:ip}])([%{HOSTNAME:hostname}])([%{HOSTNAME:class}])([%{USERNAME:method}])([%{BASE10NUM:linenumber}])([null])([null])([Thread[%{GREEDYDATA:threadname}]])([(?%{YEAR}-%{MONTHNUM}-%{MONTHDAY:day} %{TIME:time})])([(?%{YEAR}-%{MONTHNUM}-%{MONTHDAY:day} %{TIME:time})])([%{GREEDYDATA:threadname1}])([%{GREEDYDATA:error_message}])()()()()()()()()()()"}
}

}

output {
stdout { codec => rubydebug }
}

/>
When i run logstash, it won't give me output on console and remains stuck on
[INFO ] 2020-01-14 02:37:55.184 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

Kishorekolla · January 14, 2020, 8:52am

Since you are using linux, which your path suggests. Try changing sincedb_path => "/dev/null"

Anindita_Chavan · January 14, 2020, 9:00am

Hello Kishore,
Thank You for the answer. However, I'm still facing the same issue. When I ran it one time before, it worked. When I tried to run it again, it remained stuck at successfully started logstash API endpoint

Kishorekolla · January 14, 2020, 9:18am

Remove the ignore_older => 0 and try.

Anindita_Chavan · January 14, 2020, 9:30am

Thank You so much Kishore, it worked.

Kishorekolla · January 14, 2020, 10:49am

Your welcome.

Anindita_Chavan · January 14, 2020, 10:52am

Also, can you also tell me if there is some way to figure out where your grok filter is going wrong?
I ran my filter on the grok debugger here https://grokdebug.herokuapp.com/ which seems to be running fine. However, when I try to run the configuration file, I'm getting grokparsefailure

Badger · January 14, 2020, 2:48pm

My advice on debugging grok patterns can be found here.

In filebeat setting ignore_older to zero means to include everything. In logstash, setting ignore_older to zero means to exclude everything more than zero seconds old, which usually excludes everything.

Anindita_Chavan · January 14, 2020, 5:40pm

Thankyou! The explanation really helped because I’m going to configure filebeat next. I will also checkout the grok debug link. Thanks a ton.

system · February 11, 2020, 5:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot get any output Logstash	7	616	June 7, 2017
Logstash not giving output log events on console Logstash	3	2437	July 25, 2018
LogStash not showing output on console Logstash	2	490	October 8, 2020
Nothing outputting at all Logstash	2	389	June 19, 2017
Logstash not showing output Logstash	6	886	April 29, 2019

Logstash won't show output on console

Related topics