Logstash won't start on the node that I did the upgrade on
/etc/init.d/logstash restart
Restarting Logstash Daemon: [FAILED]
WARNING: Default JAVA_OPTS will be overridden by the JAVA_OPTS defined in the environment. Environment JAVA_OPTS are -Djava.io.tmpdir=/usr/local/nagioslogserver/tmp
[ OK ]
what should I do?
Can't start logstash after 2.1 Upgrade
Re: Can't start logstash after 2.1 Upgrade
Are you certain that logstash isn't already running?
If not, check the logstash logs for some more detail regarding the failure.
Let me know if there's any good information in that log. Thanks!
Code: Select all
ps -ef | grep logstashCode: Select all
cat /var/log/logstash/logstash.logRe: Can't start logstash after 2.1 Upgrade
tail -f /var/log/logstash/logstash.log
{:timestamp=>"2015-08-05T19:01:59.293000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:05:42.610000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:05:42.617000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:05:42.619000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:06:41.729000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:06:41.736000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:06:41.738000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:13:08.263000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:13:08.271000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:13:08.272000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:13:41.409000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:13:41.417000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:13:41.418000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:01:59.293000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:05:42.610000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:05:42.617000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:05:42.619000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:06:41.729000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:06:41.736000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:06:41.738000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:13:08.263000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:13:08.271000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:13:08.272000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
{:timestamp=>"2015-08-05T19:13:41.409000+0000", :message=>"Invalid setting for geoip filter plugin:\n\n filter {\n geoip {\n # This setting must be a path\n # File does not exist or cannot be opened /usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\n database => \"/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat\"\n ...\n }\n }", :level=>:error}
{:timestamp=>"2015-08-05T19:13:41.417000+0000", :message=>"Error: Something is wrong with your configuration."}
{:timestamp=>"2015-08-05T19:13:41.418000+0000", :message=>"You may be interested in the '--configtest' flag which you can\nuse to validate logstash's configuration before you choose\nto restart a running system."}
Re: Can't start logstash after 2.1 Upgrade
Lets take a look at your filter configuration - it's possible that the syntax differs between the old version of logstash and the new:
Code: Select all
cat /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.confRe: Can't start logstash after 2.1 Upgrade
Looks like when I did the upgrade it didn't preserve the directory structure
On the node without an upgrade
pwd
/usr/local/nagioslogserver/logstash/vendor
ls -al
total 32
drwxrwxr-x 8 nagios nagios 4096 Nov 21 2014 .
drwxrwxr-x 9 nagios nagios 4096 Nov 21 2014 ..
drwxrwxr-x 3 nagios nagios 4096 Nov 21 2014 bundle
drwxrwxr-x 2 nagios nagios 4096 Nov 21 2014 collectd
drwxrwxr-x 2 nagios nagios 4096 Nov 21 2014 geoip
drwxrwxr-x 3 nagios nagios 4096 Nov 21 2014 jar
drwxrwxr-x 7 nagios nagios 4096 Nov 21 2014 kibana
drwxrwxr-x 2 nagios nagios 4096 Nov 21 2014 ua-parser
Node with upgrade
pwd
/usr/local/nagioslogserver/logstash/vendor
ls -al
total 16
drwxrwxr-x 4 nagios nagios 4096 Aug 5 18:54 .
drwxrwxr-x 9 nagios nagios 4096 Aug 5 18:54 ..
drwxrwxr-x 4 nagios nagios 4096 Aug 5 18:54 bundle
drwxrwxr-x 6 nagios nagios 4096 Aug 5 18:54 jruby
On the node without an upgrade
pwd
/usr/local/nagioslogserver/logstash/vendor
ls -al
total 32
drwxrwxr-x 8 nagios nagios 4096 Nov 21 2014 .
drwxrwxr-x 9 nagios nagios 4096 Nov 21 2014 ..
drwxrwxr-x 3 nagios nagios 4096 Nov 21 2014 bundle
drwxrwxr-x 2 nagios nagios 4096 Nov 21 2014 collectd
drwxrwxr-x 2 nagios nagios 4096 Nov 21 2014 geoip
drwxrwxr-x 3 nagios nagios 4096 Nov 21 2014 jar
drwxrwxr-x 7 nagios nagios 4096 Nov 21 2014 kibana
drwxrwxr-x 2 nagios nagios 4096 Nov 21 2014 ua-parser
Node with upgrade
pwd
/usr/local/nagioslogserver/logstash/vendor
ls -al
total 16
drwxrwxr-x 4 nagios nagios 4096 Aug 5 18:54 .
drwxrwxr-x 9 nagios nagios 4096 Aug 5 18:54 ..
drwxrwxr-x 4 nagios nagios 4096 Aug 5 18:54 bundle
drwxrwxr-x 6 nagios nagios 4096 Aug 5 18:54 jruby
Re: Can't start logstash after 2.1 Upgrade
jolson wrote:Lets take a look at your filter configuration - it's possible that the syntax differs between the old version of logstash and the new:Code: Select all
cat /usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf
Here is a snippet
filter {
ruby {
code => "begin; if !event['message'].nil?; event['message'] = event['message'].force_encoding('ASCII-8BIT').encode('UTF-8', :invalid => :replace, :undef => :replace, :replace => '?'); end; rescue; end;"
}
geoip {
add_tag => [ 'geoip' ]
database => '/usr/local/nagioslogserver/logstash/vendor/geoip/GeoLiteCity.dat'
source => 'host'
}
It's looking for this
Re: Can't start logstash after 2.1 Upgrade
Logstash now uses ruby gems for plugins - this is why the path you mentioned has been overwritten.
Regarding how to approach the issue:
Regarding how to approach the issue:
You can either remove the database setting from your filter and restart logstash (using the included GeoLiteCity Database), or you can re-add your custom database in a location less likely to be overwritten. Does that make sense?database
edit
Value type is path
There is no default value for this setting.
The path to the GeoIP database file which Logstash should use. Country, City, ASN, ISP and organization databases are supported.
If not specified, this will default to the GeoLiteCity database that ships with Logstash.
Re: Can't start logstash after 2.1 Upgrade
Ok so for a quick fix, I did create geoip forlder and copied the .dat file. It fixed the issue. I will probably put it somewhere it won't get overwritten. Logstash is now up and running. Thanks. I will let you know if I see any other issuesjolson wrote:Logstash now uses ruby gems for plugins - this is why the path you mentioned has been overwritten.
Regarding how to approach the issue:You can either remove the database setting from your filter and restart logstash (using the included GeoLiteCity Database), or you can re-add your custom database in a location less likely to be overwritten. Does that make sense?database
edit
Value type is path
There is no default value for this setting.
The path to the GeoIP database file which Logstash should use. Country, City, ASN, ISP and organization databases are supported.
If not specified, this will default to the GeoLiteCity database that ships with Logstash.
Re: Can't start logstash after 2.1 Upgrade
Sounds good to me - I'm happy to hear that this is back up and running.
Re: Can't start logstash after 2.1 Upgrade
I actually have another problem: Cluster status shows the indecies, but I click on them it shown nothingjolson wrote:Sounds good to me - I'm happy to hear that this is back up and running.