search

magnusbaeck / logstash-filter-verifier

Apache License 2.0
192 stars 27 forks source link

Not working, unsure if it is me or LFV. #51

Closed pol closed 6 years ago

pol commented 6 years ago

Logstash Version 2.1.1 Ubuntu 16.04, x86_64 Using the downloaded amd64 binary

Using this as my test.json:

{
  "fields": {
    "type": "syslog"
  },
  "input": [
    "Oct  6 20:55:29 myhost myprogram[31993]: This is a test message"
  ],
  "expected": [
    {
      "@timestamp": "2015-10-06T20:55:29.000Z",
      "host": "myhost",
      "message": "This is a test message",
      "pid": 31993,
      "program": "blarg",
      "type": "syslog"
    }
  ]
}

First attempt at running printed an "address in use" error, so I stopped logstash. Now, running with "loglevel=DEBUG", I get:

root@pol-logstash-3 ~/ls # ./logstash-filter-verifier --loglevel=DEBUG test.json /opt/logstash/logstash.conf
2017/09/18 20:04:49 Reading test case file: test.json (/home/ubuntu/ls/test.json)
Running tests in test.json...
2017/09/18 20:04:49 Prepared configuration file directory /tmp/554985855 with these files: [logstash.conf]
2017/09/18 20:04:49 Starting "/opt/logstash/bin/logstash" with args ["-w" "1" "--debug" "-e" "input { stdin { codec => \"line\" add_field => { \"type\" => \"syslog\" } } } output { file { path => \"/tmp/389390085\" codec => \"json_lines\" } }" "-f" "/tmp/554985855" "-l" "/tmp/534001312"].
2017/09/18 20:04:49 Waiting for child with pid 21759 to terminate.

Here it just hangs forever. I am running as root, so it shouldn't be a permissions issue. What am I doing wrong?

pol commented 6 years ago

As a note, I changed "myprogram" to "blarg" because I wanted it to print out an error.

magnusbaeck commented 6 years ago

What's in /opt/logstash/logstash.conf?

pol commented 6 years ago

Here it is (with some of the sensitive matchers removed): https://gist.github.com/pol/08a9b6521c08d91589eb3ae8c0412623

It's not very exotic.

magnusbaeck commented 6 years ago

You can't have any inputs (or outputs) in the configuration file you feed to LFV since they'll cause Logstash to not shut down when all test events have been processed. Just split your configuration in two or more files and pass the one containing filters to LFV. See #10.

pol commented 6 years ago

Thanks for the quick response, I will give this a try.

pol commented 6 years ago

This is precisely what was wrong. Perhaps consider adding documentation that you need to remove any inputs and/or outputs if they are currently configured. Or even splitting the inputs, filters, and outputs into separate files for ease of testing.