New installed Logstash not work as service

Hello!

I have installed Logstash 5 "yum install logstash" to same machine with elastic client node.
Then create simple config:

cat /etc/logstash/conf.d/nginx_input.conf

 input {
    file {
          path => "/var/log/nginx/es.log"
    }
 }
output {
     elasticsearch {
           hosts => [ "localhost:9200" ]
     }
 }

Then test:

/usr/share/logstash/bin/logstash --path.settings /etc/logstash/ -f /etc/logstash/conf.d

Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties

It's work: i can see logstash-2016.11.28 with documents. Logs in /var/log/messages

Nov 28 08:30:17 hostname kibana: {"type":"response","@timestamp":"2016-11-28T13:30:17Z","tags": ... POST /elasticsearch/_msearch 200 111ms - 9.0B"}

But then i say:# systemctl start logstash
It starts.

tail /var/log/logstash/logstash-plain.log

[2016-11-28T08:31:52,818][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::Elasticsearch", :hosts=>["localhost:9200"]}
[2016-11-28T08:31:52,823][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2016-11-28T08:31:52,825][INFO ][logstash.pipeline ] Pipeline main started
[2016-11-28T08:31:52,860][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

ps aux | grep logstash

logstash 18850 13.3 5.4 4734972 433064 ? SNsl 08:31 0:30 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+DisableExplicitGC -Djava.awt.headless=true -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError -Xmx1g -Xms256m -Xss2048k -Djffi.boot.library.path=/usr/share/logstash/vendor/jruby/lib/jni -Xbootclasspath/a:/usr/share/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/usr/share/logstash/vendor/jruby -Djruby.lib=/usr/share/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /usr/share/logstash/lib/bootstrap/environment.rb logstash/runner.rb --path.settings /etc/logstash

But no new index in elastic.

cat /etc/logstash/logstash.yml

path.data: "/var/lib/logstash"
path.settings: "/etc/logstash"
path.config: "/etc/logstash/conf.d"
path.logs: "/var/log/logstash"

I think, logstash does not take configs from /etc/logstash/conf.d, but i do not know how fix this.
May you help me?

Is new data arrived to the end of the log file you're monitoring? Does Logstash have read access to the file and all parent directories?

1 Like

Yes, data is arrived. o! yes. you are right :frowning:

su - logstash -s /bin/bash

Last login: Mon Nov 28 08:49:36 EST 2016 on pts/0
-bash-4.2$ ls /var/log/nginx/
ls: cannot open directory /var/log/nginx/: Permission denied

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.