172.17.8.1 - kibanaadmin [10/Feb/2017:17:05:27 +0000] "GET /elasticsearch/logstash-/_mapping/field/?_=1486746327641&ignore_unavailable=false&allow_no_indices=false&include_defaults=true HTTP/1.1" 404 162 "http://172.17.8.101:8001/app/kibana" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
Steps to Reproduce:
when i config like above mentioned, it will generate error logs like below then logstash process hang and dead...
error log in /var/log/logstash/logstash.log:
For all general issues, please provide the following details for fast resolution:
input { file { path => [ "/var/log/nginx/access.log" ] start_position => "beginning" type => "nginx" } } filter { if [type] == "nginx" { grok { patterns_dir => ["/opt/logstash/patterns"] match => { "message" => "%{NGINXACCESS}" } } geoip { source => "client_ip" target => "geoip" database => "/etc/logstash/GeoLiteCity.dat" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] } mutate { convert => [ "[geoip][coordinates]", "float" ] convert => [ "response","integer" ] convert => [ "bytes","integer" ] replace => { "type" => "nginx_access" } remove_field => "message" } date { match => [ "timestamp","dd/MMM/yyyy:HH:mm:ss Z"] } mutate { remove_field => "timestamp" } } } output { if [type] == "nginx" { elasticsearch { hosts => ["172.17.8.101:9200"] index => "nginx-access-%{+YYYY.MM.dd}" } } }
172.17.8.1 - kibanaadmin [10/Feb/2017:17:05:27 +0000] "GET /elasticsearch/logstash-/_mapping/field/?_=1486746327641&ignore_unavailable=false&allow_no_indices=false&include_defaults=true HTTP/1.1" 404 162 "http://172.17.8.101:8001/app/kibana" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
{:timestamp=>"2017-02-10T17:38:09.516000+0000", :message=>"An unexpected error occurred!", :error=>#<ArgumentError: invalid byte sequence in UTF-8>, :class=>"ArgumentError", :backtrace=>["org/jruby/RubyRegexp.java:1657:in
=~'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:72:inadd_patterns_from_file'", "org/jruby/RubyIO.java:3542:in
each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:70:inadd_patterns_from_file'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:372:in
add_patterns_from_files'", "org/jruby/RubyArray.java:1613:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:368:in
add_patterns_from_files'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:263:inregister'", "org/jruby/RubyArray.java:1613:in
each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:259:inregister'", "org/jruby/RubyHash.java:1342:in
each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:255:inregister'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:174:in
start_workers'", "org/jruby/RubyArray.java:1613:ineach'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:174:in
start_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:126:inrun'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/agent.rb:210:in
execute'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/runner.rb:90:inrun'", "org/jruby/RubyProc.java:281:in
call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/runner.rb:95:inrun'", "org/jruby/RubyProc.java:281:in
call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.22/lib/stud/task.rb:24:ininitialize'"], :level=>:warn}