I have logs from GitLab installed on Kubernetes. Amongst other pods, there is Sidekiq which has a very peculiar structure of logs - it gathers multiple files that all then go into the stdout (see example at the end or official documentation). I want to gather all these logs by Filebeat, send them to Logstash and process them in a sane way (parse JSONs, get important data from line logs, etc. Also, I would like to add info about the original file) and send the output to elasticsearch.
However, I am struggling with how to do that - as a newbie regarding Logstash I am not sure how it works under the hood - and so far, I was able to come up only with grok that matches line with the file name.
From one perspective it should be relatively easy - I just need to use some sort of a state to mark which file is being processed in the log stream but in the first place I am not sure if Filebeat somehow passes information about the stream to Logstash (important to distinguish from which pod logs came) and secondly whether Logstash allows this state-based processing of log stream.
Is it possible to parse these logs and add the original filename as a field this state-based way? Could you possibly point me in the right direction?
filter {
grok {
match => {"message" => "\*\*\* %{PATH:file} \*\*\*"}
}
if [file] == "/var/log/gitlab/production_json.log" {
json {
match => { ... }
}
}
else if [file] == "/var/log/gitlab/application_json.log" {
grok {
match => { ... }
}
}
}
Please notice that even for each file, there might be multiple types of logs (/var/log/gitlab/sidekiq_exporter.log)
*** /var/log/gitlab/application.log ***
2020-11-18T10:08:28.568Z: Cannot obtain an exclusive lease for Namespace::AggregationSchedule. There must be another instance already in execution.
*** /var/log/gitlab/application_json.log ***
{"severity":"ERROR","time":"2020-11-18T10:08:28.568Z","correlation_id":"BsVuSTdkM45","message":"Cannot obtain an exclusive lease for Namespace::AggregationSchedule. There must be another instance already in execution."}
*** /var/log/gitlab/sidekiq_exporter.log ***
[2020-11-18T10:08:32.076+0000] 10.103.149.75 - - [18/Nov/2020:10:08:32 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:08:42.076+0000] 10.103.149.75 - - [18/Nov/2020:10:08:42 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:08:43.771+0000] 10.103.149.75 - - [18/Nov/2020:10:08:43 UTC] "GET /liveness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:08:52.076+0000] 10.103.149.75 - - [18/Nov/2020:10:08:52 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:09:02.076+0000] 10.103.149.75 - - [18/Nov/2020:10:09:02 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:09:12.076+0000] 10.103.149.75 - - [18/Nov/2020:10:09:12 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:09:22.076+0000] 10.103.149.75 - - [18/Nov/2020:10:09:22 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:09:32.076+0000] 10.103.149.75 - - [18/Nov/2020:10:09:32 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:09:42.076+0000] 10.103.149.75 - - [18/Nov/2020:10:09:42 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:09:43.771+0000] 10.103.149.75 - - [18/Nov/2020:10:09:43 UTC] "GET /liveness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:09:52.076+0000] 10.103.149.75 - - [18/Nov/2020:10:09:52 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:10:02.076+0000] 10.103.149.75 - - [18/Nov/2020:10:10:02 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:10:12.076+0000] 10.103.149.75 - - [18/Nov/2020:10:10:12 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
2020-11-18T10:10:15.783Z 10 TID-oslmgxbxm PagesDomainSslRenewalCronWorker JID-e4891c8d6d57d73f401da697 INFO: start
2020-11-18T10:10:15.807Z 10 TID-oslmgxbxm PagesDomainSslRenewalCronWorker JID-e4891c8d6d57d73f401da697 INFO: done: 0.024 sec
[2020-11-18T10:10:22.076+0000] 10.103.149.75 - - [18/Nov/2020:10:10:22 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:10:32.076+0000] 10.103.149.75 - - [18/Nov/2020:10:10:32 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:10:42.076+0000] 10.103.149.75 - - [18/Nov/2020:10:10:42 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:10:43.771+0000] 10.103.149.75 - - [18/Nov/2020:10:10:43 UTC] "GET /liveness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
*** /var/log/gitlab/application_json.log ***
{"severity":"ERROR","time":"2020-11-18T10:49:11.565Z","correlation_id":"H9wDObekY74","message":"Cannot obtain an exclusive lease for Ci::PipelineProcessing::AtomicProcessingService. There must be another instance already in execution."}
*** /var/log/gitlab/application.log ***
2020-11-18T10:49:11.564Z: Cannot obtain an exclusive lease for Ci::PipelineProcessing::AtomicProcessingService. There must be another instance already in execution.
2020-11-18T10:49:11.828Z 10 TID-gn2cjsz0a ProjectServiceWorker JID-ccb9b5b0f74ced684e15af75 INFO: done: 0.275 sec
2020-11-18T10:49:11.835Z 10 TID-gn2dwudy2 Namespaces::ScheduleAggregationWorker JID-7db9fe9200701bbc7dc7360c INFO: start
2020-11-18T10:49:11.844Z 10 TID-gn2dwudy2 Namespaces::ScheduleAggregationWorker JID-7db9fe9200701bbc7dc7360c INFO: done: 0.009 sec
2020-11-18T10:49:11.888Z 10 TID-oslmgxbxm ArchiveTraceWorker JID-999cc768143b644d051cfe82 INFO: done: 0.21 sec
*** /var/log/gitlab/sidekiq_exporter.log ***
[2020-11-18T10:49:12.076+0000] 10.103.149.75 - - [18/Nov/2020:10:49:12 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:49:22.076+0000] 10.103.149.75 - - [18/Nov/2020:10:49:22 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:49:32.076+0000] 10.103.149.75 - - [18/Nov/2020:10:49:32 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
[2020-11-18T10:49:42.076+0000] 10.103.149.75 - - [18/Nov/2020:10:49:42 UTC] "GET /readiness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
2020-11-18T10:49:43.216Z 10 TID-gn2cjsz0a Namespaces::RootStatisticsWorker JID-c277b38f3daa09648934d99f INFO: start
2020-11-18T10:49:43.243Z 10 TID-gn2cjsz0a Namespaces::RootStatisticsWorker JID-c277b38f3daa09648934d99f INFO: done: 0.027 sec
[2020-11-18T10:49:43.771+0000] 10.103.149.75 - - [18/Nov/2020:10:49:43 UTC] "GET /liveness HTTP/1.1" 200 15 "-" "kube-probe/1.17+"
You can give all the logs path in filebeat.yml for filebeat to read the logs and send it to logstash.
Example filebeat.yml for gitlab:
###################### Filebeat Configuration Example #########################
#=========================== Filebeat inputs =============================
filebeat.inputs:
-
paths:
- /var/log/gitlab/gitlab-rails/application_json.log
fields:
- type: gitlab-application-json
fields_under_root: true
encoding: utf-8
-
paths:
- /var/log/gitlab/sidekiq_exporter.log
fields:
- type: gitlab-sidekiq-exporter
fields_under_root: true
encoding: utf-8
-
paths:
- /var/log/gitlab/gitlab-rails/api_json.log
fields:
- type: gitlab-api-json
fields_under_root: true
encoding: utf-8
-
paths:
- /var/log/gitlab/gitlab-rails/application.log
fields:
- type: gitlab-application
fields_under_root: true
encoding: utf-8
#============================= Filebeat modules ===============================
filebeat.config.modules:
# Glob pattern for configuration loading
path: ${path.config}/modules.d/*.yml
# Set to true to enable config reloading
reload.enabled: false
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["10.127.55.155:5066"]
#================================ Processors =====================================
# Configure processors to enhance or manipulate events generated by the beat.
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
Now, in logstash, you can create different grok pattern to filter these logs.
Here is a sample logstash.yml,
input {
beats {
port => "5066"
}
}
filter {
if [type] == "gitlab-sidekiq-exporter" {
grok {
match => { "message" => "\[%{TIMESTAMP_ISO8601:timestamp}\] %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[(?<timestamp>%{MONTHDAY}/%{MONTH}/%{YEAR}\:%{TIME}) %{TZ:timezone}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}" }
overwrite => [ "message" ]
}
}
filter {
mutate {
remove_tag => [
"_grokparsefailure"
]
}
}
output {
#filtered logs are getting indexed in elasticsearch
elasticsearch {
hosts => ["10.127.55.155:9200"]
user => elastic
password => elastic
action => "index"
index => "gitlab"
}
stdout { codec => rubydebug } #filtered logs can be seen as console output as well, you can comment this out as well, this is for debugging purpose only
}
Note: The beat input port in logstash.yml should be same, as given in output.logstash in filebeat.yml
You can append the logstash.yml for filtering out application_json.log and application.log similar to that of sidekiq_exporter.log
For creating and validating grok pattern to filter the logs, you can use online Grok Debugger.
Here, I have used the Grok Debugger to create a pattern for filtering sidekiq_exporter.log
Pattern: %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}
Related
I'm using gunicorn to run a fastapi script, the access log file were created using the gunicorn.conf.py with accesslog yet it will not apply the access_log_format. I tried this apply this example from the github and is still not working
My gunicorn.conf.py
accesslog = '/home/ossbod/chunhueitest/supervisor_log/accesslog.log'
loglevel = 'info'
access_log_format = '%(h)s %(l)s %(t)s "%(r)s" %(s)s %(q)s %(b)s "%(f)s" "%(a)s" %(M)s'
The result I got
<IP>:54668 - "GET /docs HTTP/1.1" 200
<IP>:54668 - "GET /openapi.json HTTP/1.1" 200
<IP>:54668 - "POST /api/v1/add_user HTTP/1.1" 201
How can i get the format to apply to the log?
I am trying to use Node.js to read phoenix channels using npm package phoenix-channels. Phoenix channels are multiplexed on top of websockets. I'm using an NGINX proxy in front of my phoenix webserver, so for NGINX, it's just a websocket.
Phoenix channels work fine going to a web page, as you can see here (you'll see data coming through in the web page).
It also works fine from nodejs on my internal network:
test_chan.js (with explicit IP and port):
const { Socket } = require('phoenix-channels')
let socket = new Socket("https://192.168.1.113:4445/socket")
socket.connect()
// Now that you are connected, you can join channels with a topic:
let channel = socket.channel("room:lobby", {})
channel.on("new_msg", payload => {
console.log(`${payload.body}`);
});
channel.join()
.receive("ok", resp => { console.log("Joined successfully", resp) })
.receive("error", resp => { console.log("Unable to join", resp) })
However if I replace the explicity IP:PORT address with the domain name, and run it from externally, it doesn't work (the only difference here from the script above is the URL):
test_chan.js (through domain name, and via my NGINX proxy):
const { Socket } = require('phoenix-channels')
let socket = new Socket("https://suprabonds.com/socket")
socket.connect()
// Now that you are connected, you can join channels with a topic:
let channel = socket.channel("room:lobby", {})
channel.on("new_msg", payload => {
console.log(`${payload.body}`);
});
channel.join()
.receive("ok", resp => { console.log("Joined successfully", resp) })
.receive("error", resp => { console.log("Unable to join", resp) })
So the suprabonds.com websockets works fine in a browser through the proxy, but doesn't work as a nodejs script.
Here is my nginx conf for suprabonds.com:
sites-enabled relevant server section:
server {
server_name suprabonds.com www.suprabonds.com;
location / {
proxy_pass http://localhost:4445;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/suprabonds.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/suprabonds.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Any idea as to what I'm doing wrong?
EDIT
Here are the /var/log/nginx/access.log latest entries:
86.143.74.170 - - [22/Apr/2021:15:52:56 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
86.143.74.170 - - [22/Apr/2021:15:52:58 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
86.143.74.170 - - [22/Apr/2021:15:53:03 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
86.143.74.170 - - [22/Apr/2021:15:53:08 +0000] "GET /phoenix/live_reload/socket/websocket?vsn=2.0.0 HTTP/1.1" 101 143 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0"
86.143.74.170 - - [22/Apr/2021:15:53:08 +0000] "GET /socket/websocket?token=undefined&vsn=2.0.0 HTTP/1.1" 101 113098 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0"
86.143.74.170 - - [22/Apr/2021:15:53:19 +0000] "GET /phoenix/live_reload/socket/websocket?vsn=2.0.0 HTTP/1.1" 101 79 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0"
86.143.74.170 - - [22/Apr/2021:15:53:19 +0000] "GET /socket/websocket?token=undefined&vsn=2.0.0 HTTP/1.1" 101 27025 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0"
86.143.74.170 - - [22/Apr/2021:15:53:20 +0000] "GET /socket/websocket?token=undefined&vsn=2.0.0 HTTP/1.1" 101 479 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0"
86.143.74.170 - - [22/Apr/2021:15:53:20 +0000] "GET /phoenix/live_reload/socket/websocket?vsn=2.0.0 HTTP/1.1" 101 79 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0"
86.143.74.170 - - [22/Apr/2021:15:53:23 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
86.143.74.170 - - [22/Apr/2021:15:53:24 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
86.143.74.170 - - [22/Apr/2021:15:53:26 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
86.143.74.170 - - [22/Apr/2021:15:53:31 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
86.143.74.170 - - [22/Apr/2021:15:53:41 +0000] "GET /socket/websocket?vsn=1.0.0 HTTP/1.1" 301 178 "-" "-"
The firefox ones are the ones that work fine. The others (with 301 178 in them) are the ones from the non-working Node.js script (that is, the one using the domain name). The error.log file in the same location is empty.
Please note that I'm also using noip dynamic dns.
If you change your URL to:
let socket = new Socket("wss://suprabonds.com/socket/websocket?token=undefined")
or
let socket = new Socket("wss://suprabonds.com/socket/websocket?vsn=1.0.0")
It will connect
I am having a weird issue with socket.io on elastic beanstalk using the Application Load Balancer and connecting from node (server-side). Currently I have two nodes, each behind their own nginx, and all behind an application load balancer configured with sticky sessions.
The issue I am having is that the upgrade from long polling -> websocket works fine in the browser but fails from node. The only way I can connect from node is to manually set transports: ["websockets"] which is undesirable. Below are the logs for connecting to the API via node with this code and DEBUG=*
const clientSocket = io(URL);
Looking at the nginx access.logs, nothing seems out of the ordinary regarding the sessions. Here's a snippet. As you can see, everything from my-ip is consistently routed to the same node
172.31.8.41 - - [28/Feb/2019:19:51:42 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:51:42 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargPwH&b64=1&sid=7k33d9491Y8GWscOAABp HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:51:42 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=7k33d9491Y8GWscOAABp HTTP/1.1" 400 18 "-" "-" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:51:44 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargQGg&b64=1&sid=hy5Trvc1rOCOV-BrAABq HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:51:44 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=hy5Trvc1rOCOV-BrAABq HTTP/1.1" 400 18 "-" "-" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:51:44 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargI-p&b64=1&sid=4ZsFjp8X8MDznyr9AABE HTTP/1.1" 200 3 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:51:45 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargQfk&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:51:51 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:51:57 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:52:06 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:52:11 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargW-E&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:52:12 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:52:15 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargQhr&b64=1&sid=uxJMGa3egW9Wb2jhAABG HTTP/1.1" 200 3 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:52:21 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:52:27 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:52:36 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:52:36 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargX0N&b64=1&sid=bBINNyBJvvX5cP0RAABH HTTP/1.1" 200 3 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:52:36 +0000] "POST /socket.io/?EIO=3&transport=polling&t=MargdA9&b64=1&sid=bBINNyBJvvX5cP0RAABH HTTP/1.1" 200 2 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:52:37 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargdR3&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:52:38 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=gfTQu0aAJF6Z6Q5gAABI HTTP/1.1" 101 0 "-" "-" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:52:39 +0000] "GET /socket.io/?EIO=3&transport=polling&t=Margdm-&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:52:42 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:52:51 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:52:57 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:53:04 +0000] "GET /socket.io/?EIO=3&transport=polling&t=Margdpg&b64=1&sid=3nZgirr9cXOZNj_XAABJ HTTP/1.1" 200 3 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:04 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Margjz2&b64=1&sid=3nZgirr9cXOZNj_XAABJ HTTP/1.1" 200 2 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:05 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargkGk&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:06 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:53:12 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:53:21 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:53:27 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:53:31 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargkJN&b64=1&sid=rKuyOzJrHA7Fe41JAABK HTTP/1.1" 200 3 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:31 +0000] "POST /socket.io/?EIO=3&transport=polling&t=MargqSU&b64=1&sid=rKuyOzJrHA7Fe41JAABK HTTP/1.1" 200 2 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:32 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargqnP&b64=1&sid=vlqaqHh9VJNz5gXjAABr HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:33 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Margqpb&b64=1&sid=vlqaqHh9VJNz5gXjAABr HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:34 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargrBM&b64=1&sid=oJJ-VBCV30wZRG_4AABs HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:34 +0000] "POST /socket.io/?EIO=3&transport=polling&t=MargrDy&b64=1&sid=oJJ-VBCV30wZRG_4AABs HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:36 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MargrdM&b64=1&sid=UR3CqEnDl_-nFC5pAABt HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:36 +0000] "POST /socket.io/?EIO=3&transport=polling&t=MargrfZ&b64=1&sid=UR3CqEnDl_-nFC5pAABt HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:53:36 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:53:37 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=04idFIicBmnKXJVyAABu HTTP/1.1" 400 18 "-" "-" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:53:42 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:53:51 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:53:57 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:54:06 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:54:12 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:54:21 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:54:27 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:54:27 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Marh2FA&b64=1&sid=04idFIicBmnKXJVyAABu HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:54:27 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Marh2Hf&b64=1&sid=04idFIicBmnKXJVyAABu HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:54:28 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=LE3bgCzvK0VAtXL_AABv HTTP/1.1" 400 18 "-" "-" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:54:36 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:54:42 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:54:51 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:54:54 +0000] "GET /socket.io/?EIO=3&transport=polling&t=Marh8em&b64=1&sid=LE3bgCzvK0VAtXL_AABv HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:54:54 +0000] "POST /socket.io/?EIO=3&transport=polling&t=Marh8hg&b64=1&sid=LE3bgCzvK0VAtXL_AABv HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:54:55 +0000] "GET /socket.io/?EIO=3&transport=polling&t=Marh928&b64=1&sid=F_VPIilCbjKlcTAfAABw HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:54:55 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=F_VPIilCbjKlcTAfAABw HTTP/1.1" 400 18 "-" "-" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:54:56 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=w2fGwjpj8ElojoJTAABx HTTP/1.1" 400 18 "-" "-" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:54:57 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:55:06 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:55:12 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:55:21 +0000] "POST /socket.io/?EIO=3&transport=polling&t=MarhFRZ&b64=1&sid=w2fGwjpj8ElojoJTAABx HTTP/1.1" 400 52 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:55:21 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:55:22 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MarhFfr&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:55:27 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:55:36 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:55:42 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:55:47 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MarhFiU&b64=1&sid=RmuQkr9UirrYp6NGAABL HTTP/1.1" 200 3 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:55:47 +0000] "POST /socket.io/?EIO=3&transport=polling&t=MarhLpU&b64=1&sid=RmuQkr9UirrYp6NGAABL HTTP/1.1" 200 2 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:55:48 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MarhM45&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:55:49 +0000] "GET /socket.io/?EIO=3&transport=websocket&sid=fTWuT3g-SQ6Y-7DKAABM HTTP/1.1" 101 0 "-" "-" "my-ip"
172.31.8.41 - - [28/Feb/2019:19:55:50 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MarhMTu&b64=1 HTTP/1.1" 200 103 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:55:52 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:55:57 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.28.138 - - [28/Feb/2019:19:56:07 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:56:12 +0000] "GET / HTTP/1.1" 200 5 "-" "ELB-HealthChecker/2.0" "-"
172.31.8.41 - - [28/Feb/2019:19:56:16 +0000] "GET /socket.io/?EIO=3&transport=polling&t=MarhMWX&b64=1&sid=4UCaq5tvWPrIxr-RAABN HTTP/1.1" 200 3 "-" "node-XMLHttpRequest" "my-ip"
172.31.28.138 - - [28/Feb/2019:19:56:16 +0000] "POST /socket.io/?EIO=3&transport=polling&t=MarhSg5&b64=1&sid=4UCaq5tvWPrIxr-RAABN HTTP/1.1" 200 2 "-" "node-XMLHttpRequest" "my-ip"
socket.io logs from node:
julian#wilson:~/project/app-server$ tsc && node dist/src/order_spammer.js
socket.io-client:url parse https://env.api.app.bet +0ms
socket.io-client new io instance for https://env.api.app.bet +0ms
socket.io-client:manager readyState closed +0ms
socket.io-client:manager opening https://env.api.app.bet +1ms
engine.io-client:socket creating transport "polling" +0ms
engine.io-client:polling polling +0ms
engine.io-client:polling-xhr xhr poll +0ms
engine.io-client:polling-xhr xhr open GET: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard8kg&b64=1 +1ms
engine.io-client:polling-xhr xhr data null +0ms
engine.io-client:socket setting transport polling +12ms
socket.io-client:manager connect attempt will timeout after 20000 +13ms
socket.io-client:manager readyState opening +1ms
engine.io-client:polling polling got data 96:0{"sid":"xxj_pihkgmI4gJEhAABB","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000}2:40 +174ms
engine.io-client:socket socket receive: type "open", data "{"sid":"xxj_pihkgmI4gJEhAABB","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000}" +164ms
engine.io-client:socket socket open +0ms
socket.io-client:manager open +162ms
socket.io-client:manager cleanup +0ms
socket.io-client:socket transport is open - connecting +0ms
engine.io-client:socket starting upgrade probes +1ms
engine.io-client:socket probing transport "websocket" +0ms
engine.io-client:socket creating transport "websocket" +0ms
engine.io-client:socket socket receive: type "message", data "0" +4ms
socket.io-parser decoded 0 as {"type":0,"nsp":"/"} +0ms
engine.io-client:polling polling +7ms
engine.io-client:polling-xhr xhr poll +180ms
engine.io-client:polling-xhr xhr open GET: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard8nV&b64=1&sid=xxj_pihkgmI4gJEhAABB +0ms
engine.io-client:polling-xhr xhr data null +0ms
engine.io-client:socket socket error {"type":"TransportError","description":400} +171ms
socket.io-client:manager error { Error: xhr poll error
at XHR.Transport.onError (/home/julian/project/app-server/node_modules/engine.io-client/lib/transport.js:64:13)
at Request.<anonymous> (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:128:10)
at Request.Emitter.emit (/home/julian/project/app-server/node_modules/component-emitter/index.js:133:20)
at Request.onError (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:309:8)
at Timeout._onTimeout (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:256:18)
at ontimeout (timers.js:427:11)
at tryOnTimeout (timers.js:289:5)
at listOnTimeout (timers.js:252:5)
at Timer.processTimers (timers.js:212:10) type: 'TransportError', description: 400 } +177ms
engine.io-client:socket socket close with reason: "transport error" +4ms
engine.io-client:polling transport open - closing +174ms
engine.io-client:polling writing close packet +0ms
engine.io-client:polling-xhr xhr open POST: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard8qD&b64=1&sid=xxj_pihkgmI4gJEhAABB +175ms
engine.io-client:polling-xhr xhr data 1:1 +0ms
socket.io-client:manager onclose +4ms
socket.io-client:manager cleanup +0ms
socket.io-client:socket close (transport error) +181ms
socket.io-client:manager will wait 661ms before reconnect attempt +1ms
engine.io-client:socket probe transport "websocket" failed because of error: socket closed +3ms
socket.io-client:socket emitting packet with ack id 0 +425ms
socket.io-client:manager attempting reconnect +661ms
socket.io-client:manager readyState closed +0ms
socket.io-client:manager opening https://env.api.app.bet +0ms
engine.io-client:socket creating transport "polling" +661ms
engine.io-client:polling polling +664ms
engine.io-client:polling-xhr xhr poll +663ms
engine.io-client:polling-xhr xhr open GET: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard8-b&b64=1 +1ms
engine.io-client:polling-xhr xhr data null +0ms
engine.io-client:socket setting transport polling +3ms
socket.io-client:manager connect attempt will timeout after 20000 +4ms
engine.io-client:polling polling got data 96:0{"sid":"HADNz_FR5SkW-zAdAAA0","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000}2:40 +140ms
engine.io-client:socket socket receive: type "open", data "{"sid":"HADNz_FR5SkW-zAdAAA0","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000}" +137ms
engine.io-client:socket socket open +0ms
socket.io-client:manager open +137ms
socket.io-client:manager cleanup +1ms
socket.io-client:socket transport is open - connecting +378ms
socket.io-client:manager reconnect success +0ms
engine.io-client:socket starting upgrade probes +1ms
engine.io-client:socket probing transport "websocket" +0ms
engine.io-client:socket creating transport "websocket" +0ms
engine.io-client:socket socket receive: type "message", data "0" +3ms
socket.io-parser decoded 0 as {"type":0,"nsp":"/"} +983ms
socket.io-client:manager writing packet {"type":2,"data":["active_markets",null],"options":{"compress":true},"id":0,"nsp":"/"} +3ms
socket.io-parser encoding packet {"type":2,"data":["active_markets",null],"options":{"compress":true},"id":0,"nsp":"/"} +1ms
socket.io-parser encoded {"type":2,"data":["active_markets",null],"options":{"compress":true},"id":0,"nsp":"/"} as 20["active_markets",null] +0ms
engine.io-client:socket flushing 1 packets in socket +1ms
engine.io-client:polling-xhr xhr open POST: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard90s&b64=1&sid=HADNz_FR5SkW-zAdAAA0 +145ms
engine.io-client:polling-xhr xhr data 26:420["active_markets",null] +0ms
engine.io-client:polling polling +7ms
engine.io-client:polling-xhr xhr poll +1ms
engine.io-client:polling-xhr xhr open GET: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard90u&b64=1&sid=HADNz_FR5SkW-zAdAAA0 +1ms
engine.io-client:polling-xhr xhr data null +0ms
engine.io-client:socket probe transport "websocket" failed because of error: Error: websocket error +135ms
engine.io-client:socket socket error {"type":"TransportError","description":400} +5ms
socket.io-client:manager error { Error: xhr post error
at XHR.Transport.onError (/home/julian/project/app-server/node_modules/engine.io-client/lib/transport.js:64:13)
at Request.<anonymous> (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:109:10)
at Request.Emitter.emit (/home/julian/project/app-server/node_modules/component-emitter/index.js:133:20)
at Request.onError (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:309:8)
at Timeout._onTimeout (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:256:18)
at ontimeout (timers.js:427:11)
at tryOnTimeout (timers.js:289:5)
at listOnTimeout (timers.js:252:5)
at Timer.processTimers (timers.js:212:10) type: 'TransportError', description: 400 } +141ms
engine.io-client:socket socket close with reason: "transport error" +1ms
engine.io-client:polling transport open - closing +139ms
engine.io-client:polling writing close packet +0ms
engine.io-client:polling-xhr xhr open POST: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard933&b64=1&sid=HADNz_FR5SkW-zAdAAA0 +138ms
engine.io-client:polling-xhr xhr data 1:1 +0ms
socket.io-client:manager onclose +2ms
socket.io-client:manager cleanup +0ms
socket.io-client:socket close (transport error) +146ms
socket.io-client:manager will wait 760ms before reconnect attempt +1ms
engine.io-client:polling polling got data 1:6 +168ms
socket.io-client:manager attempting reconnect +760ms
socket.io-client:manager readyState closed +0ms
socket.io-client:manager opening https://env.api.app.bet +0ms
engine.io-client:socket creating transport "polling" +762ms
engine.io-client:polling polling +594ms
engine.io-client:polling-xhr xhr poll +763ms
engine.io-client:polling-xhr xhr open GET: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard9E-&b64=1 +0ms
engine.io-client:polling-xhr xhr data null +0ms
engine.io-client:socket setting transport polling +2ms
socket.io-client:manager connect attempt will timeout after 20000 +2ms
engine.io-client:polling polling got data 96:0{"sid":"WKWlwvuSqRP4z_kbAABC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000}2:40 +197ms
engine.io-client:socket socket receive: type "open", data "{"sid":"WKWlwvuSqRP4z_kbAABC","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":5000}" +195ms
engine.io-client:socket socket open +0ms
socket.io-client:manager open +195ms
socket.io-client:manager cleanup +0ms
socket.io-client:socket transport is open - connecting +958ms
socket.io-client:manager reconnect success +0ms
engine.io-client:socket starting upgrade probes +0ms
engine.io-client:socket probing transport "websocket" +0ms
engine.io-client:socket creating transport "websocket" +0ms
engine.io-client:socket socket receive: type "message", data "0" +1ms
socket.io-parser decoded 0 as {"type":0,"nsp":"/"} +1s
engine.io-client:polling polling +2ms
engine.io-client:polling-xhr xhr poll +198ms
engine.io-client:polling-xhr xhr open GET: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard9I4&b64=1&sid=WKWlwvuSqRP4z_kbAABC +0ms
engine.io-client:polling-xhr xhr data null +0ms
engine.io-client:socket socket error {"type":"TransportError","description":400} +135ms
socket.io-client:manager error { Error: xhr poll error
at XHR.Transport.onError (/home/julian/project/app-server/node_modules/engine.io-client/lib/transport.js:64:13)
at Request.<anonymous> (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:128:10)
at Request.Emitter.emit (/home/julian/project/app-server/node_modules/component-emitter/index.js:133:20)
at Request.onError (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:309:8)
at Timeout._onTimeout (/home/julian/project/app-server/node_modules/engine.io-client/lib/transports/polling-xhr.js:256:18)
at ontimeout (timers.js:427:11)
at tryOnTimeout (timers.js:289:5)
at listOnTimeout (timers.js:252:5)
at Timer.processTimers (timers.js:212:10) type: 'TransportError', description: 400 } +136ms
engine.io-client:socket socket close with reason: "transport error" +1ms
engine.io-client:polling transport open - closing +135ms
engine.io-client:polling writing close packet +0ms
engine.io-client:polling-xhr xhr open POST: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard9KB&b64=1&sid=WKWlwvuSqRP4z_kbAABC +135ms
engine.io-client:polling-xhr xhr data 1:1 +0ms
socket.io-client:manager onclose +3ms
socket.io-client:manager cleanup +0ms
socket.io-client:socket close (transport error) +139ms
socket.io-client:manager will wait 1076ms before reconnect attempt +0ms
engine.io-client:socket probe transport "websocket" failed because of error: socket closed +2ms
socket.io-client:manager attempting reconnect +1s
socket.io-client:manager readyState closed +0ms
socket.io-client:manager opening https://env.api.app.bet +0ms
engine.io-client:socket creating transport "polling" +1s
engine.io-client:polling polling +1s
engine.io-client:polling-xhr xhr poll +1s
engine.io-client:polling-xhr xhr open GET: https://env.api.app.bet/socket.io/?EIO=3&transport=polling&t=Mard9b3&b64=1 +0ms
engine.io-client:polling-xhr xhr data null +0ms
engine.io-client:socket setting transport polling +2ms
socket.io-client:manager connect attempt will timeout after 20000 +2ms
Any ideas how I can debug this?
I am trying to load data from filebeat into logstash. While loading , while running the command->
bin/logstash -f first-pipeline.conf --config.reload.automatic
, following error is encountered:
[2018-06-05T11:30:43,987][INFO ][logstash.inputs.beats ] Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}
[2018-06-05T11:30:44,047][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x969dfe run>"}
[2018-06-05T11:30:44,083][INFO ][org.logstash.beats.Server] Starting server on port: 5044
[2018-06-05T11:30:44,112][INFO ][logstash.agent ] Pipelines running {:count=>1, :pipelines=>["main"]}
[2018-06-05T11:32:05,045][INFO ][org.logstash.beats.BeatsHandler] [local: 0:0:0:0:0:0:0:1:5044, remote: 0:0:0:0:0:0:0:1:31903] Handling exception: org.logstash.beats.BeatsParser$InvalidFrameProtocolException: Invalid Frame Type, received: 69
first-pipeline.conf file is:
# The # character at the beginning of a line indicates a comment. Use
# comments to describe your configuration.
input {
beats {
port => "5044"
}
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }
output {
stdout { codec => rubydebug }
}
Filebeat.yml file:
filebeat.prospectors:
- type: log
enabled: true
paths:
- \C:\PATH-TO-DOC\elasticDoc\logstash-tutorial-dataset.log
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
Sample dataset of logstash-tutorial-dataset.log :
83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
83.149.9.216 - - [04/Jan/2015:05:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-dashboard3.png HTTP/1.1" 200 171717 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"
What is the cause of this error? This question has already been asked before but there were no replies. Please also let me know where i could polish my concepts in logstash and filebeat more. I am a beginner.
The problem was with my filename in filebeat.yml . The extension was not needed.
Also in first-pipeline.conf file, i removed codec and send my logs directly to elastic search and it started working for me.
input
{
file
{
path => ["D:/logstash-2.3.4/temp/logs/localhost_access_log.2016-08-24.log"]
start_position => "beginning"
}
}
filter
{
date
{
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}
output
{
stdout { codec => rubydebug }
}
Now after running logstash i am unable to see any output on logstash command window. That is the logs inside a give file are not fetching.
some of the sample logs in my localhost_access_log.2016-08-24 log file are below:
127.0.0.1 - - [24/Aug/2016:10:07:54 +0530] "GET / HTTP/1.1" 200 11452
0:0:0:0:0:0:0:1 - - [24/Aug/2016:10:08:09 +0530] "GET /Migration/firstpage.jsp HTTP/1.1" 404 1040
127.0.0.1 - - [24/Aug/2016:10:08:39 +0530] "GET / HTTP/1.1" 200 11452
0:0:0:0:0:0:0:1 - - [24/Aug/2016:10:08:41 +0530] "GET /Migration/firstpage.jsp HTTP/1.1" 500 3750
0:0:0:0:0:0:0:1 - - [24/Aug/2016:10:09:38 +0530] "GET /Mortgage/faces/NewFile.jsp HTTP/1.1" 404 1046
Is there any problem with the input code or date filter code?
Can anyone help me where i am committing mistake?
Did you try keeping the stdout {} empty as this within your output section of your conf file in order to check the output from your logstash console?
As #baudsp mentioned, it's better to use grok filter when you're dealing with log files. Something like this:
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
}
Source: Parsing Logs with Logstash