TechQA.

Logstash Config Error

570 views Asked by At

I am new to the ELK stack. Wanted to push data using a pipeline from filebeat to logstash, that'll push data to elastic. My configuration is as below:

input {
beats {
    port => "5043"
  }
}

filter {
  grok {
match => { "message" => "\A%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:var0}%{SPACE}%{NOTSPACE}%{SPACE}(?<searchinfo>[^#]*)#(?<username>[^#]*)#(?<searchQuery>[^#]*)#(?<latitude>[^#]*)#(?<longitude>[^#]*)#(?<client_ip>[^#]*)#(?<responseTime>[^#]*)" }
  }
}


output {
     stdout { codec => rubydebug }
        elasticsearch {
            index => "logstash_logs"
            document_type => "logs"
            hosts => [ "localhost:9200" ]
}

The issue is when I do a bin/logstash -f first-pipeline.conf --config.test_and_exit. It throws me an error stating:

17:55:37.691 [LogStash::Runner] FATAL logstash.runner - The given configuration is invalid. Reason: Expected one of #, if, ", ', } at line 22, column 1 (byte 487) after output {
stdout { codec => rubydebug }
    elasticsearch {
        index => "logstash_logs"
        document_type => "logs"
        hosts => [ "localhost:9200" ]
}

Can Anyone point out where am I going wrong?

elasticsearch logstash kibana filebeat
Original Q&A
1

There are 1 answers

1
Val On BEST ANSWER

You're missing a closing curly brace in your elasticsearch output

output {
  stdout { codec => rubydebug }
  elasticsearch {
     index => "logstash_logs"
     document_type => "logs"
     hosts => [ "localhost:9200" ]
  }     <--- this is missing
}

Related Questions in ELASTICSEARCH

Related Questions in LOGSTASH

Related Questions in KIBANA

Related Questions in FILEBEAT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions