logstash unexpected error: opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:72:in

[regardfs]

For all general issues, please provide the following details for fast resolution:

• Version: 1:2.2.4-1
• Operating System: ubuntu 14.04
• Config File (if you have sensitive info, please remove it):

input { file { path => [ "/var/log/nginx/access.log" ] start_position => "beginning" type => "nginx" } } filter { if [type] == "nginx" { grok { patterns_dir => ["/opt/logstash/patterns"] match => { "message" => "%{NGINXACCESS}" } } geoip { source => "client_ip" target => "geoip" database => "/etc/logstash/GeoLiteCity.dat" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] } mutate { convert => [ "[geoip][coordinates]", "float" ] convert => [ "response","integer" ] convert => [ "bytes","integer" ] replace => { "type" => "nginx_access" } remove_field => "message" } date { match => [ "timestamp","dd/MMM/yyyy:HH:mm:ss Z"] } mutate { remove_field => "timestamp" } } } output { if [type] == "nginx" { elasticsearch { hosts => ["172.17.8.101:9200"] index => "nginx-access-%{+YYYY.MM.dd}" } } }

• Sample Data:

172.17.8.1 - kibanaadmin [10/Feb/2017:17:05:27 +0000] "GET /elasticsearch/logstash-/_mapping/field/?_=1486746327641&ignore_unavailable=false&allow_no_indices=false&include_defaults=true HTTP/1.1" 404 162 "http://172.17.8.101:8001/app/kibana" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

• Steps to Reproduce: when i config like above mentioned, it will generate error logs like below then logstash process hang and dead... error log in /var/log/logstash/logstash.log:

{:timestamp=>"2017-02-10T17:38:09.516000+0000", :message=>"An unexpected error occurred!", :error=>#<ArgumentError: invalid byte sequence in UTF-8>, :class=>"ArgumentError", :backtrace=>["org/jruby/RubyRegexp.java:1657:in=~'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:72:in add_patterns_from_file'", "org/jruby/RubyIO.java:3542:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:70:in add_patterns_from_file'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:372:inadd_patterns_from_files'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:368:inadd_patterns_from_files'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:263:in register'", "org/jruby/RubyArray.java:1613:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:259:in register'", "org/jruby/RubyHash.java:1342:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:255:in register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:174:instart_workers'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:174:instart_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:126:in run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/agent.rb:210:inexecute'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/runner.rb:90:in run'", "org/jruby/RubyProc.java:281:incall'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/runner.rb:95:in run'", "org/jruby/RubyProc.java:281:incall'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.22/lib/stud/task.rb:24:in initialize'"], :level=>:warn}