Hello,
When I use this command: bin/logstash -f /etc/logstash/conf.d/apache.conf
I get this error:
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2022-05-13 14:16:54.064 [main] runner - Starting Logstash {"logstash.version"=>"7.17.3", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.14.1+1 on 11.0.14.1+1 +indy +jit [linux-x86_64]"}
[INFO ] 2022-05-13 14:16:54.109 [main] runner - JVM bootstrap flags: [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true]
Your settings are invalid. Reason: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.
[FATAL] 2022-05-13 14:16:54.290 [main] Logstash - Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747) ~[jruby-complete-9.2.20.1.jar:?]
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710) ~[jruby-complete-9.2.20.1.jar:?]
at usr.share.logstash.lib.bootstrap.environment.(/usr/share/logstash/lib/bootstrap/environment.rb:94) ~[?:?]
Elasticsearch config:
network.host: 127.0.0.1
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
http.port: 9200
# For more information, consult the network module documentation.
# --------------------------------- Discovery ----------------------------------
# Pass an initial list of hosts to perform discovery when this node is started:
#The default list of hosts is ["192.168.100.200", "[::1]"]
#discovery.seed_hosts: ["host1", "host2"]
discovery.type: single-node
# Bootstrap the cluster using an initial set of master-eligible nodes:
Kibana config:
server.port: 5601
# Specifies the address to which the Kibana server will bind. IP addresses and >
# The default is 'localhost', which usually means remote machines will not be a>
# To allow connections from remote users, set this parameter to a non-loopback >
server.host: "0.0.0.0"
# The URLs of the Elasticsearch instances to use for all your queries.
elasticsearch.hosts: ["http://0.0.0.0:9200"]
Apache config:
input {
  file {
    # path takes an array when more than one file is watched
    path => ["/var/log/apache2/access.log", "/var/log/apache2/error.log"]
    # type is an option of the file input, so it goes inside this block
    type => "apache2"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
    overwrite => ["message"]
  }
  date {
    match => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
  mutate {
    convert => {
      "response" => "integer"
      "bytes" => "integer"
    }
  }
}
output {
  # plugin names are lowercase
  elasticsearch {
    hosts => "0.0.0.0:9200"
    index => "apache-%{+YYYY.MM.dd}"
    document_type => "apache_logs"
  }
}