I'm getting a warning and an error when I try to start logstash with systemctl start logstash
:
[2020-10-05T14:01:19,067][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-10-05T14:01:19,670][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [ \\t\\r\\n], \"#\", \"input\", \"filter\", \"output\" at line 6, column 1 (byte 132) after ", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:183:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:69:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:44:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:357:in `block in converge_state'"]}
Pipelines.yml ignored on logstash running as a service - Elastic Stack / Logstash - Discuss the Elastic Stack suggests changing /etc/systemd/system/logstash.service
so that --path.settings
is no longer specified. I've done that and this is the revised service file:
[Unit]
Description=logstash
[Service]
Type=simple
User=logstash
Group=logstash
# Load env vars from /etc/default/ and /etc/sysconfig/ if they exist.
# Prefixing the path with '-' makes it try to load, but if the file doesn't
# exist, it continues onward.
EnvironmentFile=-/etc/default/logstash
EnvironmentFile=-/etc/sysconfig/logstash
ExecStart=/usr/share/logstash/bin/logstash
# "--path.settings" "/etc/logstash"
Restart=always
WorkingDirectory=/
Nice=19
LimitNOFILE=16384
# When stopping, how long to wait before giving up and sending SIGKILL?
# Keep in mind that SIGKILL on a process can cause data loss.
TimeoutStopSec=infinity
[Install]
WantedBy=multi-user.target
The error is particularly puzzling. The only reference I can find to a pipeline ID called main is in the default pipelines.yml
which is apparently being ignored. I've nevertheless changed pipelines.yml
to read thus:
# This file is where you define your pipelines. You can define multiple.
# For more information on multiple pipelines, see the documentation:
# https://www.elastic.co/guide/en/logstash/current/multiple-pipelines.html
- pipeline.id: auth0
path.config: "/etc/logstash/conf.d/auth0.conf"
where auth0.conf
is (after redaction):
input {
http {
id => "REDACTED"
user => "REDACTED"
password => "REDACTED"
port => 9000
ssl => true
ssl_certificate => "REDACTED"
ssl_key => "REDACTED"
}
}
filter {
mutate {
rename => { "_id" => "log_id" }
}
}
output {
amazon_es {
hosts => ["REDACTED"]
region => "us-east-1"
index => "REDACTED"
}
stdout {}
}
If I run logstash manually with:
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d
then it works. There isn't a detected error within auth0.conf
.