No logstash output on windows

Elastic Stack Logstash
1

Hello, I have been troubleshooting my logstash for some time now. I was following the "Parsing Logs with Logstash" tutorial for Windows and have not been able to see any output with the basic pipeline. Below is my first-pipeline.conf file:

input { 
    beats { 
        port => "5044" 
    } 
} 

 

filter { 
    grok { 
        match => { "message" => "%{COMBINEDAPACHELOG}"} 
    } 
} 

 

output { 
    stdout { codec => rubydebug } 
}

Testing and running the configuration did not show any errors, but when I debug Logstash an error starts to repeat itself:

[DEBUG][logstash.instrument.periodicpoller.cgroup] One or more required cgroup files or directories not found: /proc/self/cgroup, /sys/fs/cgroup/cpuacct, /sys/fs/cgroup/cpu

Any help is appreciated!

2

That is normal, you can ignore it. It is just a debug message.

It sounds like logstash is waiting to receive some data from a beat so that it can process it.

3

Thanks for the quick response -- Does that mean the problem is not with logstash but filebeats? Below are my changes to the filebeat.yml:

# ============================== Filebeat inputs ===============================

filebeat.inputs:

# filestream is an input for collecting log messages from files.
- type: log

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:/Test/logstash-tutorial.log

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

The elasticsearch output is commented out bc I saw that caused problems for other people.

4

Hello,
If you are using LOGSTASH.

You want to check logs from your computer I suggest you:

  1. Install Visual Code
  2. Download the LogStash agent (.zip)
  3. Open in Visual Code the decompress folder of logstash
  4. Create the pipeline.conf file you want to perform
  5. In Visual Code open the TERMINAL, and execute the following command that allows to display in console
 .\bin\logstash -f .\pipeline.conf --config.reload.automatic

In the pipeline.conf file configure as follows:

input { 
    beats { 
        port => "5044" 
    } 
} 

 

filter { 
    grok { 
        match => { 
               "message" => "%{GREEDYDATA:message}"
              } 
    } 
} 

 
output { 
    stdout {  } 
}
5

Hello,
if you are using FILEBEAT.

If you want to check the logs on your computer, I suggest:

  • Install visual code
  • Download the FILEBEAT agent(.zip)
  • Open in Visual Code the logstash unzip folder
  • the filebeat.yml file that you want to make
  • In Visual Code open the TERMINAL , and execute the following command that allows you to visualize in console
.\filebeat.exe -c .\filebeat.yml

You configure the filebeat.yml file as follows:

# ============================== Filebeat inputs ===============================

filebeat.inputs:
- type: beats  
  beats:
    port: 5044

If you have a specific path to bring the logs from, you enable it.

 paths:
 #   - /var/log/*.log
     c:\programdata\elasticsearch\logs\*

for the output of information by console is:

# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.
#output.stdout:
 # pretty: true
  
output.console:
  pretty: true
6

Thanks for your input Ingri. I will try that.

7

Ok, the important thing is that if you don't have a log storage path, just comment out the line and that's it.

#paths:
 #   - /var/log/*.log
  #   c:\programdata\elasticsearch\logs\*
8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.