message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil

trying to parse a file with logstash.conf present in /usr/local/cellar/logstash/6.6.1/libexec/config directory, and i am running the command
logstash -f logstash.conf from bin folder. the logstash.conf file contents are.

input {
file {
path => "/usr/local/cellar/logstash/6.6.1/libexec/config/servicelog*"
start_position => "beginning"
sincedb_path => "/Users/yshb/"
codec => multiline {
pattern => "^EOE"
negate => "true"
what => "next"
}
}
}
filter {
mutate {
gsub => [
"message", "\n", ";"
]

}

kv {
allow_duplicate_values => false
field_split => ";"
value_split => "="
include_keys => [
"Ubid",
"PageLocale",
"ActionType",
"RequestId",
"StartTime",
"PID",
"CustomerId",
"WidgetName",
"Marketplace",
"Session",
"Time",
"program"
]
}
if [StatusCode] !~ /^5\d\d/ {
drop { }
}

date {
match => [ "StartTime", "UNIX" ]
}

}

output {
elasticsearch {
hosts => ["localhost:9200"]
index => "{{ servicelog }}"
}
stdout { codec => rubydebug }
}

the content of log files are mutiple entries of kv pairs where each entry ends with EOE. for eg.

---

name=elastic
lastname=search
EOE

name=logstash
lastname=whatever
EOE

Hi

Can you please post the full log? Normally, there should be a logmessage telling the root cause for this(like errors in pipeline).

Best regards
Wolfram

this was the error after i tried to run logstash.conf after providing the sincedb_path => "".

OK, so that's not a good error message for that problem.

What were you trying to achieve by setting sincedb_path to "". If you want to suppress the use of a persistent sincedb on disk then use "NUL" on Windows, "/dev/null" on UNIX.

Oh, and please do not post images of text, just post the text.

thank you. i have solve it there was some configuration error.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.