I verified Logstash config:
root#learn-elk:/etc/logstash/conf.d# /opt/logstash/bin/logstash -t /etc/logstash/conf.d/
Configuration OK
but still getting error and pipeline aborted after
==> /var/log/logstash/logstash.log <==
{:timestamp=>"2016-10-22T17:48:28.391000+0000", :message=>"Pipeline aborted due to error", :exception=>"LogStash::ConfigurationError", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:88:in `config_init'", "org/jruby/RubyHash.java:1342:in `each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:72:in `config_init'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/outputs/base.rb:79:in `initialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/output_delegator.rb:74:in `register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:in `start_workers'", "org/jruby/RubyArray.java:1613:in `each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:in `start_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:in `start_pipeline'"], :level=>:error}
{:timestamp=>"2016-10-22T17:48:31.424000+0000", :message=>"stopping pipeline", :id=>"main"}
after running logstash with '-v --debug --verbose' I've got much more information:
starting agent {:level=>:info}
starting pipeline {:id=>"main", :level=>:info}
Settings: Default pipeline workers: 1
Registering file input {:path=>["/opt/logstash/GOOG.csv"], :level=>:info}
No sincedb_path set, generating one based on the file path {:sincedb_path=>"/root/.sincedb_0a3b7d0b4841f166ec450717c6ce4124", :path=>["/opt/logstash/GOOG.csv"], :level=>:info}
Pipeline aborted due to error {:exception=>"LogStash::ConfigurationError", :backtrace=>["/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:88:in `config_init'", "org/jruby/RubyHash.java:1342:in `each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/config/mixin.rb:72:in `config_init'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/outputs/base.rb:79:in `initialize'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/output_delegator.rb:74:in `register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:in `start_workers'", "org/jruby/RubyArray.java:1613:in `each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:181:in `start_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in `run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:in `start_pipeline'"], :level=>:error}
stopping pipeline {:id=>"main"}
Closing inputs {:level=>:info}
Closed inputs {:level=>:info}
After fixing logstash { hosts => ["localhost"] } } vs { host => localhost } } issue I consolidated config into one file below and used stdout instead elasticsearch
input{
file{
path =>"/opt/logstash/GOOG.csv"
start_position =>"beginning"
type => google
}
}
filter{
if [type] == "google" {
csv{
columns =>
["date_of_record","open","high","low","close","volume","adj_close"]
separator => ","
}
date {
match => ["date_of_record","yyyy-MM-dd"]
}
mutate {
convert => ["open","float"]
convert => ["high","float"]
convert => ["low","float"]
convert => ["close","float"]
convert => ["volume","integer"]
convert => ["adj_close","float"]
}
}
output {
stdout {
}
}
Related
How can logstash be executed? (error occured)
run logstash on AWS Linux.
but error occurred while executing.
my Linux(Ubuntu Version: 20.04)
elasticsearch installed.(execute successfully)
kibana installed.(execute successfully)
logstash installed. (execute error occured)
my .conf file code
input {
jdbc {
clean_run => true
jdbc_driver_library => "/usr/share/java/mysql-connector-java-8.0.23.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
jdbc_connection_string => "jdbc:mysql://AWSLINK:3306/schema_name?useSSL=false&user=root&password=1234"
jdbc_user => "root"
jdbc_password => "1234"
schedule => "* * * * *"
statement => "select * from schema_name"
}
}
output {
elasticsearch {
hosts => 52.188.20.167:9200"
index => "AWS_DB_0514"
}
stdout {
codec => rubydebug
}
}
I execute logstash in linux(command)
./logstash -f test.conf --path.settings /etc/logstash/
I execute above code but error occured.(attempt)
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2021-05-14T08:37:16,025][INFO ][logstash.runner ] Log4j configuration path used is: /etc/logstash/log4j2.properties
[2021-05-14T08:37:16,039][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.12.0", "jruby.version"=>"jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc OpenJDK 64-Bit Server VM 11.0.10+9 on 11.0.10+9 +indy +jit [linux-x86_64]"}
[2021-05-14T08:37:16,466][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-05-14T08:37:17,524][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2021-05-14T08:37:18,048][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [0-9], [ \\t\\r\\n], \"#\", \"}\" at line 16, column 24 (byte 608) after output {\n elasticsearch {\n hosts => 52.188", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:184:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:69:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:47:in `initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:389:in `block in converge_state'"]}
[2021-05-14T08:37:18,165][INFO ][logstash.runner ] Logstash shut down.
[2021-05-14T08:37:18,177][FATAL][org.logstash.Logstash ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747) ~[jruby-complete-9.2.13.0.jar:?]
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710) ~[jruby-complete-9.2.13.0.jar:?]
at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:89) ~[?:?]
There is an error on line 16.
incorrect code
hosts => 52.188.20.167:9200"
correct code
hosts => "52.188.20.167:9200"
Hi Im trying to set up a log analysis with Filebeat and Logstash.
Below are the changes i made in
filebeat.inputs:
- type: log
enabled: true
paths:
- D:\elasticsearch-5.4.3\elasticsearch-5.4.3\logs\elasticsearch.log
output.logstash:
# The Logstash hosts
hosts: ["localhost:5044"]
And here is my logstash configuration file.
input {
beats {
port => 5044
}
}
filter {
grok {
match => { "message" => "%{plugins}" }
}
date {
match => [ "timestamp" , "yyyy-MM-DD:HH:mm:ss" ]
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
}
}
While running the above, i see the below error:
[2019-10-22T06:07:32,915][ERROR][logstash.javapipeline ] Pipeline aborted due
to error {:pipeline_id=>"main", :exception=>#<Grok::PatternError: pattern %{plu
gins} not defined>, :backtrace=>["D:/logstash-7.1.0/logstash-7.1.0/vendor/bundle
/jruby/2.5.0/gems/jls-grok-0.11.5/lib/grok-pure.rb:123:in `block in compile'", "
org/jruby/RubyKernel.java:1425:in `loop'", "D:/logstash-7.1.0/logstash-7.1.0/ven
dor/bundle/jruby/2.5.0/gems/jls-grok-0.11.5/lib/grok-pure.rb:93:in `compile'", "
D:/logstash-7.1.0/logstash-7.1.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-
grok-4.0.4/lib/logstash/filters/grok.rb:281:in `block in register'", "org/jruby/
RubyArray.java:1792:in `each'", "D:/logstash-7.1.0/logstash-7.1.0/vendor/bundle/
jruby/2.5.0/gems/logstash-filter-grok-4.0.4/lib/logstash/filters/grok.rb:275:in
`block in register'", "org/jruby/RubyHash.java:1419:in `each'", "D:/logstash-7.1
.0/logstash-7.1.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-grok-4.0.4/lib/
logstash/filters/grok.rb:270:in `register'", "org/logstash/config/ir/compiler/Ab
stractFilterDelegatorExt.java:56:in `register'", "D:/logstash-7.1.0/logstash-7.1
.0/logstash-core/lib/logstash/java_pipeline.rb:191:in `block in register_plugins
'", "org/jruby/RubyArray.java:1792:in `each'", "D:/logstash-7.1.0/logstash-7.1.0
/logstash-core/lib/logstash/java_pipeline.rb:190:in `register_plugins'", "D:/log
stash-7.1.0/logstash-7.1.0/logstash-core/lib/logstash/java_pipeline.rb:446:in `m
aybe_setup_out_plugins'", "D:/logstash-7.1.0/logstash-7.1.0/logstash-core/lib/lo
gstash/java_pipeline.rb:203:in `start_workers'", "D:/logstash-7.1.0/logstash-7.1
.0/logstash-core/lib/logstash/java_pipeline.rb:145:in `run'", "D:/logstash-7.1.0
/logstash-7.1.0/logstash-core/lib/logstash/java_pipeline.rb:104:in `block in sta
rt'"], :thread=>"#<Thread:0x15997940 run>"}
[2019-10-22T06:07:32,970][ERROR][logstash.agent ] Failed to execute ac
tion {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message
=>"Could not execute action: PipelineAction::Create<main>, action_result: false"
, :backtrace=>nil}
Im rather new to this intergration, im not sure of where i should look into.
Please help me.
The problem looks to be with
grok {
match => { "message" => "%{plugins}" }
}
What is %{plugins} here? It is NOT a pre-defined grok pattern. The list of grok patterns can be found here.
Also, the syntax for a grok pattern from documentation is %{SYNTAX:SEMANTIC}. You could do something like
grok {
match => { "message", "%{GREEDYDATA:plugins}" }
}
Try giving data type of the "%{plugins}".
filter {
grok {
match => { "message" => "%{WORD:plugins}" }
}
}
You can find data types from here
If this not working try removing date filter and try again.
Apparently these kind of errors can happen because of some regexp syntax error deep into a config file. That's just crack.
Getting error in starting logstash for apache combined log filter.
Config File:
input {
file {
path => "/u/agrawalo/logstash-5.4.0/event-data/apache_access.log"
start_position => "beginning"
}
http {
}
}
filter {
grok {
match => { "message" => "%{HTTPD_COMBINEDLOG}" }
}
}
output {
stdout {
codec => rubydebug
}
}
Command used to start logstash:
bin/logstash -f config/pipelines/apacheauto.conf --config.reload.automatic
Error:
Sending Logstash's logs to /u/agrawalo/logstash-5.4.0/logs which is now configured via log4j2.properties
04:18:45.723 [[main]-pipeline-manager] ERROR logstash.pipeline - Error registering plugin {:plugin=>"#<LogStash::FilterDelegator:0x7bfa005e #id=\"498367beab653b0a3133b16fc4dcef59f08886de-3\", #klass=LogStash::Filters::Grok, #metric_events=#<LogStash::Instrument::NamespacedMetric:0x684a02d #metric=#<LogStash::Instrument::Metric:0x68e13c68 #collector=#<LogStash::Instrument::Collector:0x7fe7de03 #agent=nil, #metric_store=#<LogStash::Instrument::MetricStore:0x5434c951 #store=#<Concurrent::Map:0x77929e32 #default_proc=nil>, #structured_lookup_mutex=#<Mutex:0x16f1fed4>, #fast_lookup=#<Concurrent::Map:0x57273dcf #default_proc=nil>>>>, #namespace_name=[:stats, :pipelines, :main, :plugins, :filters, :\"498367beab653b0a3133b16fc4dcef59f08886de-3\", :events]>, #logger=#<LogStash::Logging::Logger:0x462b61a2 #logger=#<Java::OrgApacheLoggingLog4jCore::Logger:0x4941bd9c>>, #filter=<LogStash::Filters::Grok match=>{\"message\"=>\"%{HTTPD_COMBINEDLOG}\"}, id=>\"498367beab653b0a3133b16fc4dcef59f08886de-3\", enable_metric=>true, periodic_flush=>false, patterns_files_glob=>\"*\", break_on_match=>true, named_captures_only=>true, keep_empty_captures=>false, tag_on_failure=>[\"_grokparsefailure\"], timeout_millis=>30000, tag_on_timeout=>\"_groktimeout\">>", :error=>"pattern %{HTTPD_COMBINEDLOG} not defined"}
04:18:45.731 [[main]-pipeline-manager] ERROR logstash.agent - Pipeline aborted due to error {:exception=>#<Grok::PatternError: pattern %{HTTPD_COMBINEDLOG} not defined>, :backtrace=>["/u/agrawalo/logstash-5.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.4/lib/grok-pure.rb:123:in `compile'", "org/jruby/RubyKernel.java:1479:in `loop'", "/u/agrawalo/logstash-5.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.4/lib/grok-pure.rb:93:in `compile'", "/u/agrawalo/logstash-5.4.0/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.3.1/lib/logstash/filters/grok.rb:274:in `register'", "org/jruby/RubyArray.java:1613:in `each'", "/u/agrawalo/logstash-5.4.0/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.3.1/lib/logstash/filters/grok.rb:269:in `register'", "org/jruby/RubyHash.java:1342:in `each'", "/u/agrawalo/logstash-5.4.0/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-3.3.1/lib/logstash/filters/grok.rb:264:in `register'", "/u/agrawalo/logstash-5.4.0/logstash-core/lib/logstash/pipeline.rb:268:in `register_plugin'", "/u/agrawalo/logstash-5.4.0/logstash-core/lib/logstash/pipeline.rb:279:in `register_plugins'", "org/jruby/RubyArray.java:1613:in `each'", "/u/agrawalo/logstash-5.4.0/logstash-core/lib/logstash/pipeline.rb:279:in `register_plugins'", "/u/agrawalo/logstash-5.4.0/logstash-core/lib/logstash/pipeline.rb:289:in `start_workers'", "/u/agrawalo/logstash-5.4.0/logstash-core/lib/logstash/pipeline.rb:214:in `run'", "/u/agrawalo/logstash-5.4.0/logstash-core/lib/logstash/agent.rb:398:in `start_pipeline'"]}
04:18:46.405 [Api Webserver] INFO logstash.agent - Successfully started Logstash API endpoint {:port=>9600}
Output of 'ls' command on logstash installation directory
agrawalo#abc:~/logstash-5.4.0> ls
CHANGELOG.md CONTRIBUTORS Gemfile Gemfile.jruby-1.9.lock LICENSE NOTICE.TXT bin config data event-data lib logstash-core logstash-core-plugin-api output.txt vendor
After further debugging I found that httpd pattern is missing :
agrawalo#abc:~/logstash-5.4.0/vendor/bundle/jruby/1.9/gems/logstash-patterns-core-4.0.2/patterns> ls
aws bacula bro exim firewalls grok-patterns haproxy java junos linux-syslog mcollective mcollective-patterns mongodb nagios postgresql rails redis ruby
Qn:
How come this pattern is missing?
How can I include or install this pattern in the existing installation of logstash?
I was able to resolve this by updating version of logstash.
I want to send a +8Go csv file to my ES server form my machine.
I use Logstash to send the file with this conf :
input {
file {
path => "/Users/karnag/Downloads/siren201703.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
#Date,Open,High,Low,Close,Volume (BTC),Volume (Currency),Weighted Price
columns => ["SIREN", "NIC", "L1_NORMALISEE", "L2_NORMALISEE", "L3_NORMALISEE", "L4_NORMALISEE", "L5_NORMALISEE", "L6_NORMALISEE", "L7_NORMALISEE", "L1_DECLAREE", "L2_DECLAREE", "L3_DECLAREE", "L4_DECLAREE", "L5_DECLAREE", "L6_DECLAREE", "L7_DECLAREE", "NUMVOIE", "INDREP", "TYPVOIE", "LIBVOIE", "CODPOS", "CEDEX", "RPET", "LIBREG", "DEPET", "ARRONET", "CTONET", "COMET", "LIBCOM", "DU", "TU", "UU", "EPCI", "TCD", "ZEMET", "SIEGE", "ENSEIGNE", "IND_PUBLIPO", "DIFFCOM", "AMINTRET", "NATETAB", "LIBNATETAB", "APET700", "LIBAPET", "DAPET", "TEFET", "LIBTEFET", "EFETCENT", "DEFET", "ORIGINE", "DCRET", "DDEBACT", "ACTIVNAT", "LIEUACT", "ACTISURF", "SAISONAT", "MODET", "PRODET", "PRODPART", "AUXILT", "NOMEN_LONG", "SIGLE", "NOM", "PRENOM", "CIVILITE", "RNA", "NICSIEGE", "RPEN", "DEPCOMEN", "ADR_MAIL", "NJ", "LIBNJ", "APEN700", "LIBAPEN", "DAPEN", "APRM", "ESS", "DATEESS", "TEFEN", "LIBTEFEN", "EFENCENT", "DEFEN", "CATEGORIE", "DCREN", "AMINTREN", "MONOACT", "MODEN", "PRODEN", "ESAANN", "TCA", "ESAAPEN", "ESASEC1N", "ESASEC2N", "ESASEC3N", "ESASEC4N", "VMAJ", "VMAJ1", "VMAJ2", "VMAJ3", "DATEMAJ"]
}
}
output {
elasticsearch {
hosts => "http://192.168.10.19:8080/"
index => "siren"
}
stdout {}
}
And I got this error:
[2017-03-15T10:23:04,628][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<ArgumentError: Setting "" hasn't been registered>, :backtrace=>["/Users/karnag/Documents/Epitech/ElasticStack/Logstash/logstash-core/lib/logstash/settings.rb:29:in `get_setting'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/logstash-core/lib/logstash/settings.rb:61:in `set_value'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/logstash-core/lib/logstash/settings.rb:80:in `merge'", "org/jruby/RubyHash.java:1342:in `each'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/logstash-core/lib/logstash/settings.rb:80:in `merge'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/logstash-core/lib/logstash/settings.rb:115:in `validate_all'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/logstash-core/lib/logstash/runner.rb:210:in `execute'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/logstash-core/lib/logstash/runner.rb:183:in `run'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/Users/karnag/Documents/Epitech/ElasticStack/Logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}
I can't find where is the typo in my conf file (clearly there is something wrong here).
Thanks.
I have trouble to get the logstash (2.4.0) tutorial to work on Windows 7.
This is working: bin\logstash.bat -f pipe.conf
# pipe.conf
input {
stdin { }
}
output {
stdout { }
}
When I enter then code in the msdos-window, I get expected log messages.
C:\Users\foo\Workspace\Reporting\Stack5.0 pipe.conf
Settings: Default pipeline workers: 4
Pipeline main started
configuration in a file
2016-10-10T14:32:13.506Z foopc configuration in a file
yehaaaa
2016-10-10T14:32:18.320Z foopc yehaaaa
Tweaking the configuration file to get close to the tutorial, does not work. Then I get the following error message:
{
:timestamp=>"2016-10-10T16:45:25.605000+0200",
:message=>"Pipeline aborted due to error",
:exception=>"ArgumentError",
:backtrace=>["C:/Users/foo/Workspace/Reporting/Stack5.0/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-input-file-2.2.5/lib/logstash/inputs/file.rb:187:in `register'",
"org/jruby/RubyArray.java:1613:in `each'",
"C:/Users/foo/Workspace/Reporting/Stack5.0/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-input-file-2.2.5/lib/logstash/inputs/file.rb:185:in `register'",
"C:/Users/foo/Workspace/Reporting/Stack5.0/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:330:in `start_inputs'",
"org/jruby/RubyArray.java:1613:in `each'",
"C:/Users/foo/Workspace/Reporting/Stack5.0/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:329:in `start_inputs'",
"C:/Users/foo/Workspace/Reporting/Stack5.0/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:180:in `start_workers'",
"C:/Users/foo/Workspace/Reporting/Stack5.0/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/pipeline.rb:136:in `run'",
"C:/Users/foo/Workspace/Reporting/Stack5.0/logstash-2.4.0/vendor/bundle/jruby/1.9/gems/logstash-core-2.4.0-java/lib/logstash/agent.rb:491:in `start_pipeline'"],
:level=>:error} {:timestamp=>"2016-10-10T16:45:28.608000+0200",
:message=>"stopping pipeline",
:id=>"main"
}
I call the script like before with: bin\logstash.bat -f pipe.conf
# pipe.conf
input {
# stdin { }
# https://www.elastic.co/guide/en/logstash/current/advanced-pipeline.html#configuring-file-input
# logstash 2.4.0
file {
path => "logstash-tutorial-dataset"
start_position => beginning
ignore_older => 0
}
}
# The filter part of this file is commented out to indicate that it is
# optional.
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
}
output {
stdout { }
}
The logfile: logstash-tutorial-dataset is available and accessable. I downloaded the file from the tutorial.
What did I miss and how do I get logstash to work with this configuration?
According to the doc:
Paths must be absolute and cannot be relative.