New installed Logstash not work as service

breezzz · November 28, 2016, 1:37pm

Hello!

I have installed Logstash 5 "yum install logstash" to same machine with elastic client node.
Then create simple config:

cat /etc/logstash/conf.d/nginx_input.conf

 input {
    file {
          path => "/var/log/nginx/es.log"
    }
 }
output {
     elasticsearch {
           hosts => [ "localhost:9200" ]
     }
 }

Then test:

/usr/share/logstash/bin/logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

It's work: i can see logstash-2016.11.28 with documents. Logs in /var/log/messages

Nov 28 08:30:17 hostname kibana: {"type":"response","@timestamp":"2016-11-28T13:30:17Z","tags": ... POST /elasticsearch/_msearch 200 111ms - 9.0B"}

But then i say:# systemctl start logstash
It starts.

tail /var/log/logstash/logstash-plain.log

[2016-11-28T08:31:52,818][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::Elasticsearch", :hosts=>["localhost:9200"]}
[2016-11-28T08:31:52,823][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2016-11-28T08:31:52,825][INFO ][logstash.pipeline ] Pipeline main started
[2016-11-28T08:31:52,860][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

ps aux | grep logstash

logstash 18850 13.3 5.4 4734972 433064 ? SNsl 08:31 0:30 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+DisableExplicitGC -Djava.awt.headless=true -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError -Xmx1g -Xms256m -Xss2048k -Djffi.boot.library.path=/usr/share/logstash/vendor/jruby/lib/jni -Xbootclasspath/a:/usr/share/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/usr/share/logstash/vendor/jruby -Djruby.lib=/usr/share/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /usr/share/logstash/lib/bootstrap/environment.rb logstash/runner.rb --path.settings /etc/logstash

But no new index in elastic.

cat /etc/logstash/logstash.yml

path.data: "/var/lib/logstash"
path.settings: "/etc/logstash"
path.config: "/etc/logstash/conf.d"
path.logs: "/var/log/logstash"

I think, logstash does not take configs from /etc/logstash/conf.d, but i do not know how fix this.
May you help me?

magnusbaeck · November 28, 2016, 1:46pm

Is new data arrived to the end of the log file you're monitoring? Does Logstash have read access to the file and all parent directories?

breezzz · November 28, 2016, 1:51pm

Yes, data is arrived. o! yes. you are right

su - logstash -s /bin/bash

Last login: Mon Nov 28 08:49:36 EST 2016 on pts/0
-bash-4.2$ ls /var/log/nginx/
ls: cannot open directory /var/log/nginx/: Permission denied

system · December 26, 2016, 1:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.