root@elk-7d8pm:/var/log/logstash# date
Tue Mar 10 22:50:26 CST 2020
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
root@elk-7d8pm:/var/log/logstash# cat logstash.err
Thread.exclusive is deprecated, use Thread::Mutex
root@elk-7d8pm:/var/log/logstash# cat logstash.err
Thread.exclusive is deprecated, use Thread::Mutex
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:51:03,554][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:51:03,554][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:51:04,627][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:51:09,017][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:51:03,554][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:51:04,627][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:51:09,017][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:51:03,554][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:51:04,627][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:51:09,017][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:51:03,554][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:51:04,627][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:51:09,017][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:51:03,554][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:51:04,627][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:51:09,017][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cd /etc/init.d/
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash
Usage: {start|stop|force-stop|status|restart}
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is not running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash restart
logstash started.
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ls
cron elasticsearch hwclock.sh kibana logstash procps ssh syslog-ng x11-common
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ls
cron elasticsearch hwclock.sh kibana logstash procps ssh syslog-ng x11-common
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is not running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash restart
logstash started.
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ps aux | grep logstash
root 308 0.0 0.0 7808 664 ? S 21:54 0:00 tail -f /var/log/elasticsearch/{"error":{"root_cause":[{"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}}],"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}},"status":401}.log /var/log/logstash/logstash-plain.log /var/log/kibana/kibana5.log
logstash 655 195 1.2 3306584 208256 pts/0 SNl 22:55 0:15 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -Djruby.regexp.interruptible=true -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -Dlog4j2.isThreadContextMapInheritable=true -Djava.io.tmpdir=/opt/logstash -cp /opt/logstash/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:/opt/logstash/logstash-core/lib/jars/commons-codec-1.11.jar:/opt/logstash/logstash-core/lib/jars/commons-compiler-3.0.11.jar:/opt/logstash/logstash-core/lib/jars/error_prone_annotations-2.0.18.jar:/opt/logstash/logstash-core/lib/jars/google-java-format-1.1.jar:/opt/logstash/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:/opt/logstash/logstash-core/lib/jars/guava-22.0.jar:/opt/logstash/logstash-core/lib/jars/j2objc-annotations-1.1.jar:/opt/logstash/logstash-core/lib/jars/jackson-annotations-2.9.9.jar:/opt/logstash/logstash-core/lib/jars/jackson-core-2.9.9.jar:/opt/logstash/logstash-core/lib/jars/jackson-databind-2.9.9.3.jar:/opt/logstash/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.9.jar:/opt/logstash/logstash-core/lib/jars/janino-3.0.11.jar:/opt/logstash/logstash-core/lib/jars/javassist-3.24.0-GA.jar:/opt/logstash/logstash-core/lib/jars/jruby-complete-9.2.8.0.jar:/opt/logstash/logstash-core/lib/jars/jsr305-1.3.9.jar:/opt/logstash/logstash-core/lib/jars/log4j-api-2.11.1.jar:/opt/logstash/logstash-core/lib/jars/log4j-core-2.11.1.jar:/opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.11.1.jar:/opt/logstash/logstash-core/lib/jars/logstash-core.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/opt/logstash/logstash-core/lib/jars/reflections-0.9.11.jar:/opt/logstash/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash --path.logs /var/log/logstash
root 684 0.0 0.0 14728 1004 pts/0 S+ 22:55 0:00 grep --color=auto logstash
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ps aux | grep logstash
root 308 0.0 0.0 7808 664 ? S 21:54 0:00 tail -f /var/log/elasticsearch/{"error":{"root_cause":[{"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}}],"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}},"status":401}.log /var/log/logstash/logstash-plain.log /var/log/kibana/kibana5.log
logstash 655 213 2.1 3325672 346428 pts/0 SNl 22:55 1:42 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djruby.compile.invokedynamic=true -Djruby.jit.threshold=0 -Djruby.regexp.interruptible=true -XX:+HeapDumpOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -Dlog4j2.isThreadContextMapInheritable=true -Djava.io.tmpdir=/opt/logstash -cp /opt/logstash/logstash-core/lib/jars/animal-sniffer-annotations-1.14.jar:/opt/logstash/logstash-core/lib/jars/commons-codec-1.11.jar:/opt/logstash/logstash-core/lib/jars/commons-compiler-3.0.11.jar:/opt/logstash/logstash-core/lib/jars/error_prone_annotations-2.0.18.jar:/opt/logstash/logstash-core/lib/jars/google-java-format-1.1.jar:/opt/logstash/logstash-core/lib/jars/gradle-license-report-0.7.1.jar:/opt/logstash/logstash-core/lib/jars/guava-22.0.jar:/opt/logstash/logstash-core/lib/jars/j2objc-annotations-1.1.jar:/opt/logstash/logstash-core/lib/jars/jackson-annotations-2.9.9.jar:/opt/logstash/logstash-core/lib/jars/jackson-core-2.9.9.jar:/opt/logstash/logstash-core/lib/jars/jackson-databind-2.9.9.3.jar:/opt/logstash/logstash-core/lib/jars/jackson-dataformat-cbor-2.9.9.jar:/opt/logstash/logstash-core/lib/jars/janino-3.0.11.jar:/opt/logstash/logstash-core/lib/jars/javassist-3.24.0-GA.jar:/opt/logstash/logstash-core/lib/jars/jruby-complete-9.2.8.0.jar:/opt/logstash/logstash-core/lib/jars/jsr305-1.3.9.jar:/opt/logstash/logstash-core/lib/jars/log4j-api-2.11.1.jar:/opt/logstash/logstash-core/lib/jars/log4j-core-2.11.1.jar:/opt/logstash/logstash-core/lib/jars/log4j-slf4j-impl-2.11.1.jar:/opt/logstash/logstash-core/lib/jars/logstash-core.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.commands-3.6.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.contenttype-3.4.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.expressions-3.4.300.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.filesystem-1.3.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.jobs-3.5.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.resources-3.7.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.core.runtime-3.7.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.app-1.3.100.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.common-3.6.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.preferences-3.4.1.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.equinox.registry-3.5.101.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.jdt.core-3.10.0.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.osgi-3.7.1.jar:/opt/logstash/logstash-core/lib/jars/org.eclipse.text-3.5.101.jar:/opt/logstash/logstash-core/lib/jars/reflections-0.9.11.jar:/opt/logstash/logstash-core/lib/jars/slf4j-api-1.7.25.jar org.logstash.Logstash --path.logs /var/log/logstash
root 686 0.0 0.0 14728 1008 pts/0 R+ 22:56 0:00 grep --color=auto logstash
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is not running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ps aux | grep logstash
root 308 0.0 0.0 7808 664 ? S 21:54 0:00 tail -f /var/log/elasticsearch/{"error":{"root_cause":[{"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}}],"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}},"status":401}.log /var/log/logstash/logstash-plain.log /var/log/kibana/kibana5.log
root 712 0.0 0.0 14728 1008 pts/0 S+ 22:57 0:00 grep --color=auto logstash
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ps aux | grep logstash
root 308 0.0 0.0 7808 664 ? S 21:54 0:00 tail -f /var/log/elasticsearch/{"error":{"root_cause":[{"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}}],"type":"security_exception","reason":"missingauthenticationcredentialsforRESTrequest[/_cat/health?h=cluster]","header":{"WWW-Authenticate":"Basicrealm=\"security\"charset=\"UTF-8\""}},"status":401}.log /var/log/logstash/logstash-plain.log /var/log/kibana/kibana5.log
root 714 0.0 0.0 14728 1008 pts/0 S+ 22:57 0:00 grep --color=auto logstash
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# cd /var/log
root@elk-7d8pm:/var/log#
root@elk-7d8pm:/var/log# ls
alternatives.log apt bootstrap.log btmp dpkg.log elasticsearch faillog fontconfig.log kibana lastlog logstash syslog tallylog wtmp
root@elk-7d8pm:/var/log#
root@elk-7d8pm:/var/log#
root@elk-7d8pm:/var/log# cd logstash/
root@elk-7d8pm:/var/log/logstash# ls
logstash.err logstash-plain.log logstash-slowlog-plain.log logstash.stdout
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# ls
logstash.err logstash-plain.log logstash-slowlog-plain.log logstash.stdout
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:56:40,982][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:56:48,782][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:56:49,725][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:56:54,298][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# ls
logstash.err logstash-plain.log logstash-slowlog-plain.log logstash.stdout
root@elk-7d8pm:/var/log/logstash# cat logstash-plain.log
[2020-02-29T19:35:12,349][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.queue", :path=>"/opt/logstash/data/queue"}
[2020-02-29T19:35:12,372][INFO ][logstash.setting.writabledirectory] Creating directory {:setting=>"path.dead_letter_queue", :path=>"/opt/logstash/data/dead_letter_queue"}
[2020-02-29T19:35:12,932][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-02-29T19:35:12,968][INFO ][logstash.agent ] No persistent UUID file found. Generating new UUID {:uuid=>"95bcfc20-012e-410c-b942-a7c1ef59e3ba", :path=>"/opt/logstash/data/uuid"}
[2020-02-29T19:35:14,791][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-02-29T19:35:15,099][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-02-29T19:35:20,041][INFO ][logstash.runner ] Logstash shut down.
[2020-02-29T19:45:41,838][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-02-29T19:45:43,705][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-02-29T19:45:44,082][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-02-29T19:45:48,953][INFO ][logstash.runner ] Logstash shut down.
[2020-03-01T18:10:14,085][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-01T18:10:15,574][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-01T18:10:15,888][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-01T18:10:20,753][INFO ][logstash.runner ] Logstash shut down.
[2020-03-01T18:19:23,296][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-01T18:19:24,906][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-01T18:19:25,185][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-01T18:19:30,131][INFO ][logstash.runner ] Logstash shut down.
[2020-03-01T18:26:46,649][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-01T18:26:48,376][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-01T18:26:48,660][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-01T18:26:53,533][INFO ][logstash.runner ] Logstash shut down.
[2020-03-10T21:44:17,692][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T21:44:24,135][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T21:44:25,294][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T21:44:29,880][INFO ][logstash.runner ] Logstash shut down.
[2020-03-10T21:55:22,820][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T21:55:29,167][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T21:55:30,356][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T21:55:34,985][INFO ][logstash.runner ] Logstash shut down.
[2020-03-10T22:50:50,438][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:51:03,554][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:51:04,627][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:51:09,017][INFO ][logstash.runner ] Logstash shut down.
[2020-03-10T22:54:30,724][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:54:36,509][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:54:37,523][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:54:41,995][INFO ][logstash.runner ] Logstash shut down.
[2020-03-10T22:56:40,982][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:56:48,782][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:56:49,725][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:56:54,298][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# date
Tue Mar 10 22:58:30 CST 2020
root@elk-7d8pm:/var/log/logstash# ls
logstash.err logstash-plain.log logstash-slowlog-plain.log logstash.stdout
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash-slowlog-plain.log
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T22:56:40,982][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T22:56:48,782][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T22:56:49,725][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T22:56:54,298][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cd /etc/logstash/
root@elk-7d8pm:/etc/logstash# ls
conf.d
root@elk-7d8pm:/etc/logstash# cd conf.d/
root@elk-7d8pm:/etc/logstash/conf.d# ls
11-nginx.conf logstash-cs.conf logstash-fw.conf logstash-openstack.conf logstash-vetrix.conf logstash-vetrix.conf.bak logstash-waf.conf logstash-webapp.conf
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# rm logstash-vetrix.conf
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# mv logstash-vetrix.conf.bak logstash-vetrix.conf
root@elk-7d8pm:/etc/logstash/conf.d# ls
11-nginx.conf logstash-cs.conf logstash-fw.conf logstash-openstack.conf logstash-vetrix.conf logstash-waf.conf logstash-webapp.conf
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# cd ../
root@elk-7d8pm:/etc/logstash#
root@elk-7d8pm:/etc/logstash# cd ../
root@elk-7d8pm:/etc# cd init.d/
root@elk-7d8pm:/etc/init.d# ls
cron elasticsearch hwclock.sh kibana logstash procps ssh syslog-ng x11-common
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash restart
logstash started.
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ./logstash status
logstash is running
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# cd /var/lo
bash: cd: /var/lo: No such file or directory
root@elk-7d8pm:/etc/init.d# cd /var/log
root@elk-7d8pm:/var/log#
root@elk-7d8pm:/var/log#
root@elk-7d8pm:/var/log# ls
alternatives.log apt bootstrap.log btmp dpkg.log elasticsearch faillog fontconfig.log kibana lastlog logstash syslog tallylog wtmp
root@elk-7d8pm:/var/log#
root@elk-7d8pm:/var/log# cd logstash/
root@elk-7d8pm:/var/log/logstash# ls
logstash.err logstash-plain.log logstash-slowlog-plain.log logstash.stdout
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
root@elk-7d8pm:/var/log/logstash# ~
bash: /root: Is a directory
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T23:01:45,131][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T23:01:45,131][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T23:01:46,251][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T23:01:45,131][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T23:01:46,251][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T23:01:45,131][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T23:01:46,251][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T23:01:50,834][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T23:01:45,131][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T23:01:46,251][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T23:01:50,834][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cat logstash.stdout
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2020-03-10T23:01:38,465][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T23:01:45,131][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T23:01:46,251][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T23:01:50,834][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash#
root@elk-7d8pm:/var/log/logstash# cd /etc/init.d/
root@elk-7d8pm:/etc/init.d# ls
cron elasticsearch hwclock.sh kibana logstash procps ssh syslog-ng x11-common
root@elk-7d8pm:/etc/init.d# ./logstash
Usage: {start|stop|force-stop|status|restart}
root@elk-7d8pm:/etc/init.d# ls /opt/
elasticsearch kibana logstash
root@elk-7d8pm:/etc/init.d# cd logstash
bash: cd: logstash: Not a directory
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# cd /opt
root@elk-7d8pm:/opt#
root@elk-7d8pm:/opt# ls
elasticsearch kibana logstash
root@elk-7d8pm:/opt# cd logstash/
root@elk-7d8pm:/opt/logstash# ls
bin config CONTRIBUTORS data Gemfile Gemfile.lock lib LICENSE.txt logstash-core logstash-core-plugin-api modules NOTICE.TXT patterns tools vendor x-pack
root@elk-7d8pm:/opt/logstash# cd bin/
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ls
benchmark.sh dependencies-report logstash logstash-keystore logstash.lib.sh logstash-plugin.bat pqrepair setup.bat
cpdump ingest-convert.sh logstash.bat logstash-keystore.bat logstash-plugin pqcheck ruby system-install
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ./logstash -t /etc/logstash/conf.d/
Thread.exclusive is deprecated, use Thread::Mutex
Sending Logstash logs to /opt/logstash/logs which is now configured via log4j2.properties
[2020-03-10T23:09:20,304][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.4.0"}
[2020-03-10T23:09:27,962][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, {, } at line 68, column 23 (byte 1192) after output {\n\nif [product]==\"cs\"\n{\n\n# if \"_grokparsefailure\" in [tags] {\n file {\n path => \"/tmp/var/log/parse_failures.log\"\n }\n # }\n\n elasticsearch {\n hosts => [\"localhost\"]\n manage_template => false\n index => \"product-cs-%{+YYYY.MM.dd}\"\n user => elastic\n password => venus", :backtrace=>["/opt/logstash/logstash-core/lib/logstash/compiler.rb:41:in `compile_imperative'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:49:in `compile_graph'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:11:in `block in compile_sources'", "org/jruby/RubyArray.java:2584:in `map'", "/opt/logstash/logstash-core/lib/logstash/compiler.rb:10:in `compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:153:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/java_pipeline.rb:26:in `initialize'", "/opt/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in `execute'", "/opt/logstash/logstash-core/lib/logstash/agent.rb:326:in `block in converge_state'"]}
[2020-03-10T23:09:28,924][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-03-10T23:09:33,525][INFO ][logstash.runner ] Logstash shut down.
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ./logstash --path.settings /logstash/config/ -f /logstash/config/syslog.conf --config.test_and_exit
^Croot@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ./logstash --path.settings /etc/logstash/conf.d/ -f /etc/logstash/conf.d/logstash-cs.conf --config.test_and_exit
Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /etc/logstash/conf.d/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2020-03-10 23:12:34.141 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[FATAL] 2020-03-10 23:12:38.833 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, {, } at line 60, column 23 (byte 1078) after output {
if [product]=="cs"
{
# if "_grokparsefailure" in [tags] {
file {
path => "/tmp/var/log/parse_failures.log"
}
# }
elasticsearch {
hosts => ["localhost"]
manage_template => false
index => "product-cs-%{+YYYY.MM.dd}"
user => elastic
password => venus
[ERROR] 2020-03-10 23:12:38.864 [LogStash::Runner] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ls /etc/logstash/conf.d/
11-nginx.conf logstash-cs.conf logstash-fw.conf logstash-openstack.conf logstash-vetrix.conf logstash-waf.conf logstash-webapp.conf
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ./logstash --path.settings /etc/logstash/conf.d/ -f /etc/logstash/conf.d/logstash-vetrix.conf --config.test_and_exit
Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /etc/logstash/conf.d/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2020-03-10 23:15:35.762 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[FATAL] 2020-03-10 23:15:38.490 [LogStash::Runner] runner - The given configuration is invalid. Reason: Expected one of #, {, } at line 20, column 22 (byte 307) after output {
if [type]=="vetrix"
{
elasticsearch {
hosts => ["localhost"]
manage_template => false
index => "vetrix-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
user => elastic
password => venus
[ERROR] 2020-03-10 23:15:38.525 [LogStash::Runner] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ls
benchmark.sh dependencies-report logstash logstash-keystore logstash.lib.sh logstash-plugin.bat pqrepair setup.bat
cpdump ingest-convert.sh logstash.bat logstash-keystore.bat logstash-plugin pqcheck ruby system-install
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# cd /etc/init.d/
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ls
cron elasticsearch hwclock.sh kibana logstash procps ssh syslog-ng x11-common
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# ls
cron elasticsearch hwclock.sh kibana logstash procps ssh syslog-ng x11-common
root@elk-7d8pm:/etc/init.d#
root@elk-7d8pm:/etc/init.d# cd /
root@elk-7d8pm:/#
root@elk-7d8pm:/#
root@elk-7d8pm:/# cd etc/logstash/conf.d/
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# ls
11-nginx.conf logstash-cs.conf logstash-fw.conf logstash-openstack.conf logstash-vetrix.conf logstash-waf.conf logstash-webapp.conf
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# vi 11-nginx.conf
root@elk-7d8pm:/etc/logstash/conf.d# vi logstash-cs.conf
root@elk-7d8pm:/etc/logstash/conf.d# cat logstash-fw.conf
input {
udp {
port => 5160
add_field=>{"product" => "fw"}
codec => plain{
charset=>"UTF-8"
}
}
}
filter {
if [product]=="fw" {
kv {
field_split => ";"
}
}
}
output {
if [product]=="fw"
{
if [type]=="flood-attack" or [type]=="scan-attack" or [type]=="abnormal-packet" or [type]=="arp-attack"
{
elasticsearch {
hosts => ["localhost"]
manage_template => false
index => "product-fw-%{+YYYY.MM.dd}"
}
}
}
}
root@elk-7d8pm:/etc/logstash/conf.d# Z
bash: Z: command not found
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# ls
11-nginx.conf logstash-cs.conf logstash-cs.conf~ logstash-fw.conf logstash-fw.conf~ logstash-openstack.conf logstash-vetrix.conf logstash-waf.conf logstash-webapp.conf
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# cat logstash-fw.conf
input {
udp {
port => 5160
add_field=>{"product" => "fw"}
codec => plain{
charset=>"UTF-8"
}
}
}
filter {
if [product]=="fw" {
kv {
field_split => ";"
}
}
}
output {
if [product]=="fw"
{
if [type]=="flood-attack" or [type]=="scan-attack" or [type]=="abnormal-packet" or [type]=="arp-attack"
{
elasticsearch {
hosts => ["localhost"]
manage_template => false
index => "product-fw-%{+YYYY.MM.dd}"
}
}
}
}
root@elk-7d8pm:/etc/logstash/conf.d# cat logstash-fw.conf~
input {
udp {
port => 5160
add_field=>{"product" => "fw"}
codec => plain{
charset=>"UTF-8"
}
}
}
filter {
if [product]=="fw" {
kv {
field_split => ";"
}
}
}
output {
if [product]=="fw"
{
if [type]=="flood-attack" or [type]=="scan-attack" or [type]=="abnormal-packet" or [type]=="arp-attack"
{
elasticsearch {
hosts => ["localhost"]
manage_template => false
index => "product-fw-%{+YYYY.MM.dd}"
user => elastic
password => venus@vcloud2020
}
}
}
}
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# ./logstash --path.settings /etc/logstash/conf.d/ -f /etc/logstash/conf.d/logstash-cs.conf --config.test_and_exit
bash: ./logstash: No such file or directory
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# cd /opt/logstash/
root@elk-7d8pm:/opt/logstash#
root@elk-7d8pm:/opt/logstash# cd bin/
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# ./logstash --path.settings /etc/logstash/conf.d/ -f /etc/logstash/conf.d/logstash-cs.conf --config.test_and_exit
Thread.exclusive is deprecated, use Thread::Mutex
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /etc/logstash/conf.d/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2020-03-10 23:20:35.398 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2020-03-10 23:20:41.106 [LogStash::Runner] Reflections - Reflections took 134 ms to scan 1 urls, producing 20 keys and 40 values
Configuration OK
[INFO ] 2020-03-10 23:20:44.077 [LogStash::Runner] runner - Using config.test_and_exit mode. Config Validation Result: OK. Exiting Logstash
root@elk-7d8pm:/opt/logstash/bin#
root@elk-7d8pm:/opt/logstash/bin# cd /
root@elk-7d8pm:/#
root@elk-7d8pm:/# ls
1 bd_build bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@elk-7d8pm:/#
root@elk-7d8pm:/# ls
1 bd_build bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
root@elk-7d8pm:/#
root@elk-7d8pm:/# cd etc/logstash/conf.d/
root@elk-7d8pm:/etc/logstash/conf.d# ls
11-nginx.conf logstash-cs.conf logstash-cs.conf~ logstash-fw.conf logstash-fw.conf~ logstash-openstack.conf logstash-vetrix.conf logstash-waf.conf logstash-webapp.conf
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# ls
11-nginx.conf logstash-cs.conf logstash-cs.conf~ logstash-fw.conf logstash-fw.conf~ logstash-openstack.conf logstash-vetrix.conf logstash-waf.conf logstash-webapp.conf
root@elk-7d8pm:/etc/logstash/conf.d#
root@elk-7d8pm:/etc/logstash/conf.d# vi logstash-openstack.conf
root@elk-7d8pm:/etc/logstash/conf.d#
阅读(6633) | 评论(0) | 转发(0) |
