Strange Logstash Running Issue

AloysiusParedes · May 3, 2018, 4:36am

I have a strange issue on my ELK stack. I have ELK installed as a service that starts up as soon as my RHEL Virtual Machine (via Oracle VirtualBox) server starts. But for some reason, none of my documents are being ingested via Logstash. But when I stop the service, and manually run Logstash via:

sudo ./logstash -f /etc/logstash/conf.d/myConfig.conf --path.settings /etc/logstash/

Then the files get ingested into Elasticsearch.

Please also note that the files being ingested by Logstash are in a Shared Folder that is the path set for the file{} input in myConfig.conf. Why does it ingest okay when I run Logstash manually and not when it is run as a service?

Has anyone else run into this issue?

Christian_Dahlqvist · May 3, 2018, 4:46am

It looks like you are manually running it as root, which the service typically would not, so it might be that the ‘logstash’ user does not have access to config or data files.

AloysiusParedes · May 4, 2018, 2:43pm

That was the issue!

Fixed it by adding the "logstash" user to have permission to the shared folder:

adding: vboxsf:x:992:logstash
to: /etc/group

system · June 1, 2018, 2:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash doesnot ingest data when started as a service Logstash	6	702	October 27, 2021
Logstash not reading .conf-file when running as a service Logstash	2	645	January 10, 2018
Logstash not ingesting data to elasticsearch when run as daemon Logstash	1	453	March 28, 2019
Logstash as service not reading log files Logstash	2	20	July 25, 2024
Data ingestion got stuck though the Logstash pipelines are running Logstash	1	381	June 22, 2021

Strange Logstash Running Issue

Related topics