I have used the following command ,
bin/logstash -f "/etc/logstash/conf.d/first-pipeline.conf" --path.settings=/etc/logstash
However the system just shows the following message and then nothing happens
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
The contents of first-pipeline.conf is as follows:
input
{
file
{
path => "/var/log/elasticsearch/app1.log"
sincedb_path => "/dev/null"
start_position => "beginning"
type => "doc"
}
}
filter
{
grok
{
match => [ "message", "\[%{TIMESTAMP_ISO8601:timestamp}\]\[%{DATA:loglevel}%{SPACE}\]\[%{DATA:source}%{SPACE}\]%{SPACE}(?<message>(.|\r|\n)*)" ]
}
}
output
{
stdout
{
codec => rubydebug
}
}
The logstash log file has the following content
[ 2018-08-13T02:34:37,744][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2018-08-13T02:34:37,927][INFO ][logstash.pipeline ] Pipeline main started
[2018-08-13T02:34:37,995][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-08-13T02:48:53,139][WARN ][logstash.runner ] SIGINT received. Shutting down the agent.
[2018-08-13T02:48:53,144][WARN ][logstash.agent ] stopping pipeline {:id=>"main"}
[2018-08-13T02:49:08,903][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2018-08-13T02:49:09,156][INFO ][logstash.pipeline ] Pipeline main started
[2018-08-13T02:49:09,256][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[root@bdl02node02 logstash]# cat logstash-plain.log
[2018-08-13T02:34:37,744][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2018-08-13T02:34:37,927][INFO ][logstash.pipeline ] Pipeline main started
[2018-08-13T02:34:37,995][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-08-13T02:48:53,139][WARN ][logstash.runner ] SIGINT received. Shutting down the agent.
[2018-08-13T02:48:53,144][WARN ][logstash.agent ] stopping pipeline {:id=>"main"}
[2018-08-13T02:49:08,903][INFO ][logstash.pipeline ] Starting pipeline {"id"=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>5, "pipeline.max_inflight"=>500}
[2018-08-13T02:49:09,156][INFO ][logstash.pipeline ] Pipeline main started
[2018-08-13T02:49:09,256][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
Any suggestions please?