Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Logstash configtest

Tags:

I ran service logstash configtest but error given was:

logstash: unrecognized service

I was able to run logstash service individually but not with "configtest". In etc/logstash/conf.d/ I created logstash.conf file where consist of code as present below:-

Additional info:-

service logstash status
● logstash.service - logstash
   Loaded: loaded (/etc/systemd/system/logstash.service; disabled)
   Active: active (running) since Mon 2016-12-26 12:40:58 PST; 6s ago
 Main PID: 3512 (java)
   CGroup: /system.slice/logstash.service
           └─3512 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX...

Dec 26 12:40:58 Mr systemd[1]: Started logstash.

Service while running with configtest:-

root@Mr:/# service logstash configtest
logstash: unrecognized service

I am running this on debian8 machine, hope i will get a good solution from you guys.

# This input block will listen on port 10514 for logs to come in.
# host should be an IP on the Logstash server.
# codec => "json" indicates that we expect the lines we're receiving to be in JSON format
# type => "rsyslog" is an optional identifier to help identify messaging streams in the pipeline.

input {
  udp {
    host => "logstash_private_ip"
    port => 10514
    codec => "json"
    type => "rsyslog"
  }
}

# This is an empty filter block.  You can later add other filters here to further process
# your log lines

filter { }

# This output block will send all events of type "rsyslog" to Elasticsearch at the configured
# host and port into daily indices of the pattern, "rsyslog-YYYY.MM.DD"

output {
  if [type] == "rsyslog" {
    elasticsearch {
      hosts => [ "elasticsearch_private_ip:9200" ]
    }
  }
}
like image 903
Shann Avatar asked Dec 26 '16 20:12

Shann


People also ask

How do I validate logstash config file?

Testing your configuration Before you start Logstash in production, test your configuration file. If you run Logstash from the command line, you can specify parameters that will verify your configuration for you. This will run through your configuration, verify the configuration syntax and then exit.

How do I run logstash continuously?

First you open your SSH session, then type screen at the prompt. That opens a new session in which you can run your logstash command. When it runs, you simply press Ctrl+a d in order to detach your self from that screen and you can safely logout.

Can logstash have multiple outputs?

Logstash multiple outputs refer to the process where the ingested data by the processing pipeline is transformed and further transferred to more than one output by the open-source pipeline of Logstash on the server-side.

How do I refresh my logstash config?

Just use --reload-interval or send a SIGHUP to reload the config!


1 Answers

for old logstash

/opt/logstash/bin/logstash --configtest -f /etc/logstash/conf.d/ 

Later, it became installed in /usr/share/logstash so try either

/usr/share/logstash/bin/logstash --configtest -f <the config file/folder>

Or if running version 5.1+ use --config.test_and_exit

/usr/share/logstash/bin/logstash --config.test_and_exit -f <the config file/folder>
like image 70
v_sukt Avatar answered Oct 19 '22 08:10

v_sukt