All geek questions in one place

Logstash Configuration

I ran the logstash service configuration file, but the error indicated:

logstash: unrecognized service

I managed to start the logstash service separately, but not using "configtest". In etc / logstash / conf.d / I created a logstash.conf file containing the code below: -

Additional Information: -

service logstash status ● logstash.service - logstash Loaded: loaded (/etc/systemd/system/logstash.service; disabled) Active: active (running) since Mon 2016-12-26 12:40:58 PST; 6s ago Main PID: 3512 (java) CGroup: /system.slice/logstash.service └─3512 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX... Dec 26 12:40:58 Mr systemd[1]: Started logstash.

Service while working with configtest: -

 root@Mr :/# service logstash configtest logstash: unrecognized service

I run this on debian8 machine, hope I get a good solution from you guys.

 # This input block will listen on port 10514 for logs to come in. # host should be an IP on the Logstash server. # codec => "json" indicates that we expect the lines we're receiving to be in JSON format # type => "rsyslog" is an optional identifier to help identify messaging streams in the pipeline. input { udp { host => "logstash_private_ip" port => 10514 codec => "json" type => "rsyslog" } } # This is an empty filter block. You can later add other filters here to further process # your log lines filter { } # This output block will send all events of type "rsyslog" to Elasticsearch at the configured # host and port into daily indices of the pattern, "rsyslog-YYYY.MM.DD" output { if [type] == "rsyslog" { elasticsearch { hosts => [ "elasticsearch_private_ip:9200" ] } } }
+12
source share
7 answers

for old logstash

 /opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/

It later became installed in / usr / share / logstash, so try either

 /usr/share/logstash/bin/logstash --configtest -f <the config file/folder>

Or, if version 5.1+ is running, use --config.test_and_exit

 /usr/share/logstash/bin/logstash --config.test_and_exit -f <the config file/folder>
+45
source

I had the same problem and it helped me a lot:

If you are using Logstash version 5, the following command to verify the configuration will give you an error:

 sudo /opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/

The correct command to check is:

 sudo -u logstash /usr/share/logstash/bin/logstash --path.settings /etc/logstash -t

I have been using ELK + filebeat since Ubuntu Server 16.04, and my result was as follows: Sending Logstash logs to / var / log / logstash, which is now configured through log4j2.properties OK Configuration

Sources: https://www.elastic.co/guide/en/logstash/current/running-logstash.html ; https://github.com/elastic/logstash/issues/6161

+13
source

Using the official logstash Docker image to check the local file:

 docker run -it -v /etc/logstash:/etc/logstash logstash /usr/share/logstash/bin/logstash -t -f /etc/logstash/logstash.conf

It is assumed that your configuration file is locally located in /etc/logstash , then mounts this folder into the container under the same path. Then the binary can find the configuration file inside the container.

Maybe the best way to run this command, it worked for me.

+6
source

for logstash 5.1 its

 /usr/share/logstash/bin/logstash --config.test_and_exit -f logstash.yml
+6
source

You must do this on CentOS version 7:

 /etc/rc.d/init.d/logstash configtest /etc/logstash/conf.d/test.conf
+1
source

If you want to test your configs with the docker logstash 6.x container

 docker run -it -v $PWD:/etc/logstash/conf.d --entrypoint "bin/logstash" logstash "--config.test_and_exit"
+1
source

On Centos 7, you can also use the following command:

 /usr/share/logstash/bin/logstash --path.settings /etc/logstash/ --config.test_and_exit /etc/logstash/conf.d/logstash.conf
0
source

Source: https://habr.com/ru/post/1261923/

More articles:


All Articles