Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

logstash issues after manual install

https://support.nagios.com/forum/viewtopic.php?t=75963

Page 1 of 1

logstash issues after manual install

Posted: Fri Dec 06, 2024 10:55 am
by sfarrell
logstash appears to be running but shows "session closed for user nagios"

Code: Select all

● logstash.service - LSB: Logstash
   Loaded: loaded (/etc/rc.d/init.d/logstash; generated)
   Active: active (exited) since Fri 2024-12-06 09:56:20 CST; 22s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 431049 ExecStop=/etc/rc.d/init.d/logstash stop (code=exited, status=0/SUCCESS)
  Process: 431098 ExecStart=/etc/rc.d/init.d/logstash start (code=exited, status=0/SUCCESS)

Dec 06 09:56:20 nagiosls systemd[1]: Starting LSB: Logstash...
Dec 06 09:56:20 nagiosls logstash[431098]: Starting Logstash Daemon:
Dec 06 09:56:20 nagiosls logstash[431111]: warning: usleep is deprecated, and will be removed in near future!
Dec 06 09:56:20 nagiosls logstash[431111]: warning: use "sleep 0.5" instead...
Dec 06 09:56:20 nagiosls runuser[431110]: pam_unix(runuser:session): session opened for user nagios by (uid=0)
Dec 06 09:56:20 nagiosls logstash[431098]: [  OK  ]
Dec 06 09:56:20 nagiosls systemd[1]: Started LSB: Logstash.
Dec 06 09:56:29 nagiosls runuser[431110]: pam_unix(runuser:session): session closed for user nagios
LOG OUTPUT: /var/log/logstash/

Code: Select all

{:timestamp=>"2024-12-06T09:56:25.980000-0600", :message=>"Pipeline main started"}
{:timestamp=>"2024-12-06T09:56:26.180000-0600", :message=>"Pipeline main has been shutdown"}
{:timestamp=>"2024-12-06T09:56:28.992000-0600", :message=>"stopping pipeline", :id=>"main"}
OUTPUT from debug

Code: Select all

[nagios@nagiosls bin]$ ./logstash -f /usr/local/nagioslogserver/logstash/etc/conf.d/ --debug
Reading config file {:config_file=>"/usr/local/nagioslogserver/logstash/etc/conf.d/000_inputs.conf", :level=>:debug, :file=>"logstash/config/loader.rb", :line=>"69", :method=>"local_config"}
Reading config file {:config_file=>"/usr/local/nagioslogserver/logstash/etc/conf.d/500_filters.conf", :level=>:debug, :file=>"logstash/config/loader.rb", :line=>"69", :method=>"local_config"}
Reading config file {:config_file=>"/usr/local/nagioslogserver/logstash/etc/conf.d/501_live_filters.conf", :level=>:debug, :file=>"logstash/config/loader.rb", :line=>"69", :method=>"local_config"}
Reading config file {:config_file=>"/usr/local/nagioslogserver/logstash/etc/conf.d/998_live_outputs.conf", :level=>:debug, :file=>"logstash/config/loader.rb", :line=>"69", :method=>"local_config"}
Reading config file {:config_file=>"/usr/local/nagioslogserver/logstash/etc/conf.d/999_outputs.conf", :level=>:debug, :file=>"logstash/config/loader.rb", :line=>"69", :method=>"local_config"}
Plugin not defined in namespace, checking for plugin file {:type=>"filter", :name=>"mutate", :path=>"logstash/filters/mutate", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"86", :method=>"lookup"}
config LogStash::Filters::Mutate/@join = {"alert_names"=>","} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Mutate/@add_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Mutate/@remove_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Mutate/@add_field = {} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Mutate/@remove_field = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Mutate/@periodic_flush = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
Plugin not defined in namespace, checking for plugin file {:type=>"filter", :name=>"ruby", :path=>"logstash/filters/ruby", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"86", :method=>"lookup"}
config LogStash::Filters::Ruby/@code = "alert_names = event.get(\"alert_names\")\n                     event.set(\"alert_names_enc\", URI.encode_www_form_component(alert_names).gsub(\"+\", \"%20\"))\n                     message = event.get(\"message\")\n                     event.set(\"rta_message_enc\", URI.encode_www_form_component(message).gsub(\"+\", \"%20\"))" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Ruby/@add_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Ruby/@remove_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Ruby/@add_field = {} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Ruby/@remove_field = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Filters::Ruby/@periodic_flush = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
Plugin not defined in namespace, checking for plugin file {:type=>"output", :name=>"elasticsearch", :path=>"logstash/outputs/elasticsearch", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"86", :method=>"lookup"}
starting agent {:level=>:info, :file=>"logstash/agent.rb", :line=>"213", :method=>"execute"}
starting pipeline {:id=>"main", :level=>:info, :file=>"logstash/agent.rb", :line=>"487", :method=>"start_pipeline"}
Settings: Default pipeline workers: 8
Plugin not defined in namespace, checking for plugin file {:type=>"codec", :name=>"plain", :path=>"logstash/codecs/plain", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"86", :method=>"lookup"}
config LogStash::Codecs::Plain/@charset = "UTF-8" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@hosts = ["localhost"] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@document_type = "%{type}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@workers = 4 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@codec = <LogStash::Codecs::Plain charset=>"UTF-8"> {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@index = "logstash-%{+YYYY.MM.dd}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@manage_template = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_name = "logstash" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_overwrite = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@parent = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@flush_size = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@idle_flush_time = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@upsert = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@doc_as_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@max_retries = 3 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_type = "inline" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_lang = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_var_name = "event" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@scripted_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_interval = 2 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_items = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_on_conflict = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@pipeline = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@action = "index" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@ssl_certificate_verification = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing_delay = 5 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@discovery = "zen" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@aws_protocol = "https" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
Normalizing http path {:path=>nil, :normalized=>nil, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client_builder.rb", :line=>"18", :method=>"build"}
Elasticsearch HTTP client options {:hosts=>["http://localhost:9200"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"127", :method=>"build_client"}
Using mapping template from {:path=>nil, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"6", :method=>"install_template"}
Attempting to install template {:manage_template=>{"template"=>"logstash-*", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true}, "dynamic_templates"=>[{"message_field"=>{"match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}, "fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"string", "index"=>"not_analyzed"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"float"}, "longitude"=>{"type"=>"float"}}}}}}}, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"8", :method=>"install_template"}
Found existing Elasticsearch template. Skipping template management {:name=>"logstash", :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"30", :method=>"template_install"}
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost"], :level=>:info, :file=>"logstash/outputs/elasticsearch/common.rb", :line=>"19", :method=>"register"}
Will start workers for output {:worker_count=>4, :class=>"LogStash::Outputs::ElasticSearch", :level=>:debug, :file=>"logstash/output_delegator.rb", :line=>"77", :method=>"register"}
config LogStash::Codecs::Plain/@charset = "UTF-8" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@hosts = ["localhost"] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@document_type = "%{type}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@workers = 4 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@codec = <LogStash::Codecs::Plain charset=>"UTF-8"> {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@index = "logstash-%{+YYYY.MM.dd}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@manage_template = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_name = "logstash" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_overwrite = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@parent = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@flush_size = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@idle_flush_time = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@upsert = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@doc_as_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@max_retries = 3 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_type = "inline" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_lang = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_var_name = "event" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@scripted_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_interval = 2 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_items = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_on_conflict = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@pipeline = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@action = "index" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@ssl_certificate_verification = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing_delay = 5 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@discovery = "zen" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@aws_protocol = "https" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Codecs::Plain/@charset = "UTF-8" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@hosts = ["localhost"] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@document_type = "%{type}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@workers = 4 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@codec = <LogStash::Codecs::Plain charset=>"UTF-8"> {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@index = "logstash-%{+YYYY.MM.dd}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@manage_template = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_name = "logstash" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_overwrite = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@parent = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@flush_size = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@idle_flush_time = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@upsert = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@doc_as_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@max_retries = 3 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_type = "inline" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_lang = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_var_name = "event" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@scripted_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_interval = 2 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_items = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_on_conflict = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@pipeline = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@action = "index" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@ssl_certificate_verification = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing_delay = 5 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@discovery = "zen" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@aws_protocol = "https" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Codecs::Plain/@charset = "UTF-8" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@hosts = ["localhost"] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@document_type = "%{type}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@workers = 4 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@codec = <LogStash::Codecs::Plain charset=>"UTF-8"> {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@index = "logstash-%{+YYYY.MM.dd}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@manage_template = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_name = "logstash" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@template_overwrite = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@parent = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@flush_size = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@idle_flush_time = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@upsert = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@doc_as_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@max_retries = 3 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_type = "inline" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_lang = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@script_var_name = "event" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@scripted_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_interval = 2 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_max_items = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@retry_on_conflict = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@pipeline = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@action = "index" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@ssl_certificate_verification = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@sniffing_delay = 5 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@discovery = "zen" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
config LogStash::Outputs::ElasticSearch/@aws_protocol = "https" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"154", :method=>"config_init"}
Normalizing http path {:path=>nil, :normalized=>nil, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client_builder.rb", :line=>"18", :method=>"build"}
Elasticsearch HTTP client options {:hosts=>["http://localhost:9200"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"127", :method=>"build_client"}
Using mapping template from {:path=>nil, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"6", :method=>"install_template"}
Attempting to install template {:manage_template=>{"template"=>"logstash-*", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true}, "dynamic_templates"=>[{"message_field"=>{"match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}, "fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"string", "index"=>"not_analyzed"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"float"}, "longitude"=>{"type"=>"float"}}}}}}}, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"8", :method=>"install_template"}
Found existing Elasticsearch template. Skipping template management {:name=>"logstash", :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"30", :method=>"template_install"}
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost"], :level=>:info, :file=>"logstash/outputs/elasticsearch/common.rb", :line=>"19", :method=>"register"}
Normalizing http path {:path=>nil, :normalized=>nil, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client_builder.rb", :line=>"18", :method=>"build"}
Elasticsearch HTTP client options {:hosts=>["http://localhost:9200"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"127", :method=>"build_client"}
Using mapping template from {:path=>nil, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"6", :method=>"install_template"}
Attempting to install template {:manage_template=>{"template"=>"logstash-*", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true}, "dynamic_templates"=>[{"message_field"=>{"match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}, "fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"string", "index"=>"not_analyzed"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"float"}, "longitude"=>{"type"=>"float"}}}}}}}, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"8", :method=>"install_template"}
Found existing Elasticsearch template. Skipping template management {:name=>"logstash", :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"30", :method=>"template_install"}
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost"], :level=>:info, :file=>"logstash/outputs/elasticsearch/common.rb", :line=>"19", :method=>"register"}
Normalizing http path {:path=>nil, :normalized=>nil, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client_builder.rb", :line=>"18", :method=>"build"}
Elasticsearch HTTP client options {:hosts=>["http://localhost:9200"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"127", :method=>"build_client"}
Using mapping template from {:path=>nil, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"6", :method=>"install_template"}
Attempting to install template {:manage_template=>{"template"=>"logstash-*", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true}, "dynamic_templates"=>[{"message_field"=>{"match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}, "fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"string", "index"=>"not_analyzed"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"float"}, "longitude"=>{"type"=>"float"}}}}}}}, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"8", :method=>"install_template"}
Found existing Elasticsearch template. Skipping template management {:name=>"logstash", :level=>:debug, :file=>"logstash/outputs/elasticsearch/http_client.rb", :line=>"30", :method=>"template_install"}
New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost"], :level=>:info, :file=>"logstash/outputs/elasticsearch/common.rb", :line=>"19", :method=>"register"}
Starting pipeline {:id=>"main", :pipeline_workers=>8, :batch_size=>125, :batch_delay=>5, :max_inflight=>1000, :level=>:info, :file=>"logstash/pipeline.rb", :line=>"188", :method=>"start_workers"}
Pipeline main started {:file=>"logstash/agent.rb", :line=>"491", :method=>"start_pipeline"}
Input plugins stopped! Will shutdown filter/output workers. {:level=>:info, :file=>"logstash/pipeline.rb", :line=>"148", :method=>"run"}
Pushing flush onto pipeline {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"458", :method=>"flush"}
Pushing shutdown {:thread=>"#<Thread:0x736f81d6 run>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Pushing shutdown {:thread=>"#<Thread:0x76e0d777 sleep>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Pushing shutdown {:thread=>"#<Thread:0x237f90b8 sleep>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Pushing shutdown {:thread=>"#<Thread:0x705aed55 sleep>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Pushing shutdown {:thread=>"#<Thread:0x6bcc7fe2 sleep>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Pushing shutdown {:thread=>"#<Thread:0x1a569900 sleep>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Pushing shutdown {:thread=>"#<Thread:0x7d7357ff sleep>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Pushing shutdown {:thread=>"#<Thread:0x5e698537 sleep>", :level=>:debug, :file=>"logstash/pipeline.rb", :line=>"395", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x736f81d6> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x76e0d777> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x237f90b8> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x705aed55> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x6bcc7fe2> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x1a569900> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x7d7357ff> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
Shutdown waiting for worker thread #<Thread:0x5e698537> {:level=>:debug, :file=>"logstash/pipeline.rb", :line=>"400", :method=>"shutdown_workers"}
closing {:plugin=>"LogStash::Filters::Mutate", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"37", :method=>"do_close"}
closing {:plugin=>"LogStash::Filters::Ruby", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"37", :method=>"do_close"}
closing output delegator {:klass=>"LogStash::Outputs::ElasticSearch", :level=>:debug, :file=>"logstash/output_delegator.rb", :line=>"137", :method=>"do_close"}
closing {:plugin=>"LogStash::Outputs::ElasticSearch", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"37", :method=>"do_close"}
closing {:plugin=>"LogStash::Outputs::ElasticSearch", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"37", :method=>"do_close"}
closing {:plugin=>"LogStash::Outputs::ElasticSearch", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"37", :method=>"do_close"}
closing {:plugin=>"LogStash::Outputs::ElasticSearch", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"37", :method=>"do_close"}
Pipeline main has been shutdown {:file=>"logstash/agent.rb", :line=>"491", :method=>"start_pipeline"}
stopping pipeline {:id=>"main", :file=>"logstash/agent.rb", :line=>"406", :method=>"shutdown_pipelines"}
Closing inputs {:level=>:info, :file=>"logstash/pipeline.rb", :line=>"384", :method=>"shutdown"}
Closed inputs {:level=>:info, :file=>"logstash/pipeline.rb", :line=>"386", :method=>"shutdown"}

Any assistance with this would be appreciated.

Re: logstash issues after manual install

Posted: Fri Dec 06, 2024 1:19 pm
by kg2857
Logstash isn't running. Look into the warnings below.

Active: active (exited) since Fri 2024-12-06 09:56:20 CST; 22s ago

Dec 06 09:56:20 nagiosls logstash[431111]: warning: usleep is deprecated, and will be removed in near future!
Dec 06 09:56:20 nagiosls logstash[431111]: warning: use "sleep 0.5" instead...

Re: logstash issues after manual install

Posted: Fri Dec 06, 2024 1:23 pm
by sfarrell
thank you for the response. After more digging around I found that for some reason the 000_inputs.conf was empty. I was able to pull the file from an older instance of NLS. Thinks seem to be working now.

R/

Re: logstash issues after manual install

Posted: Mon Dec 09, 2024 2:44 pm
by jmichaelson
In order for that to be persistent, you'll need to make sure its' set in the configure->global configuration section of the Nagios Log Server UI. It's possible that you have configuration there already. that may not be working. Try doing a verify configuration on that page and note any errors.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited