I'm having problems with logstash dying silently at irregular times
there's no variation in current load, no error message, no clue what so ever, the process just dies
anyone seen this? :)
also, it often runs for 24 hours before this happens
sometimes it happens after 15 min
datenbrille joined the channel
Guest30007 has quit
alcy joined the channel
brdude joined the channel
tarun joined the channel
brdude has quit
Guest85749 has quit
dieterdemeyer joined the channel
threesome has quit
EnriqueCadalso has quit
Jippi joined the channel
faxm0dem_ is now known as faxm0dem
rombob joined the channel
nikolavp has quit
paradoxbound joined the channel
nikolavp joined the channel
Nord_80 joined the channel
cpg|away is now known as cpg
paradoxbound has quit
is-mw2 has quit
threesome joined the channel
saurajeetd joined the channel
rombob has left the channel
Jippi has quit
SynchroM joined the channel
basti joined the channel
lexelby has quit
shtouff joined the channel
CasperGasper joined the channel
paradoxbound joined the channel
valardohaeris7 has quit
valardohaeris7 joined the channel
paradoxbound1 joined the channel
paradoxbound has quit
eper joined the channel
szhem joined the channel
axel joined the channel
axel is now known as axellj
jbanier joined the channel
dpippen has quit
axellj
hola! I'm trying to perform the 10 minute tutorial, but I get a crash when I try to run the web interface due to (what seems to be) an incorrect backporting path. This is a known issue on windows (e.g. LOGSTASH-1127).
My question is thus: Since a dependency seems to be messed up, will I even be able to use logstash at all on Windows, or should I just give up and wait for a new release?
Jippi has quit
I mean, the basic listening / aggregation stuff seem to work, so that's good - I just want to know if anyone can reassure me or else steer me off this path so I don't waste my time doing something that's impossible
simmel joined the channel
Jippi joined the channel
eper
if it is only the web interface and it does not crash if disabled then you can continue - just need to run kibana separate (unsure if it plays well on windows)
axellj
well, it doesn't crash when I *don't* enable the web interface as a param, so that's promising.
I guess i'll try to find out. It's kinda tricky to do this on Windows, most stuff seems to expect that you run some nix flavor
eper
kibana3 is client side so it should run under any web service I suspect
axellj
that's my hope. the whole logstash stack seems very nice, so I hope I can get it to work
eper
aye not tried shipping logs out of windows servers yet
stackedsax1 has quit
maluko joined the channel
axellj
I've done some reading and it seems like using snare is the best option - but I've a long ways to go before I*m there, right now I just want to get it to run locally. Here goes, then.
dottedmag
What do you folks do to prevent any misconfiguration which causes repeated logging?
Infin1ty joined the channel
Say, Redis goes down, and Logstash starts to log "unable to fetch data from Redis", which grows to dozens of gigabytes overnight, fills the whole disk and causes machine to halt.
eper
monitoring :P
basti
dottedmag: or logrotate ^^
Infin1ty
dottedmag, so make sure you have redundant redis instances
dottedmag, even one on standby instead of just shuffling them
dottedmag
logrotate is not quick enough -- should I rotate logs every 10 minutes?
But that's curing the symptome instead of underlying problem.
Which is huge amount of logging output in case anything goes wrong.
And sure I do have monitoring, it reminded me that disk is filled up, 5 minutes before machine went to halt.
But standby Redis won't help -- Logstash will complain if any of inputs is down.
bemehow joined the channel
Nord_80
Hi! I'm stuck trying to get Kibana 3, logstash 1.13 and elasticsearch 0.20.6 working together
basti
Nord_80: Any Error message?
Nord_80
It doesnt seem like logstash is creating the indices in elasticsearh
trying to use file input, with the apachelog from the tutorial
basti
I have a problem with _grokparsefailure tag. Everything is beeing parsed well, but it is still displayed in kibana. When exactly is logstash adding this tag`
Nord_80
just getting alot of "heartbeats" and an occasional _discover_file_glob
basti
do you have any filters?
Nord_80
yes, grok
bemehow_ joined the channel
basti
Nord_80: ok, so sorry. No idea how to research furhter ;)
Nord_80
just installed grok from the git repo, and made a make; make install. I'm not really sure where the filters are suppose to go
dpippen joined the channel
bemehow has quit
dpippen has quit
maybe I will try without filters. I dont think it is a grok issue
But according to the mapping (in gist as well) the field is a string.
Why does it try to parse it?
ells joined the channel
I'd better ask in #elasticsearch
afd___ joined the channel
afd__ has quit
alistar joined the channel
zimbatm joined the channel
basti
Hm, still facing the problem, that logstah is adding _grokparsefailure to successfull parsed queries. Any idea why?
Infin1ty
dottedmag, if you plan an HA system, things will go wrong, you must have redundancy, what happens if it won't log anything? how would you know you have a problem?
dottedmag, having another redis will sure help, you can give logstash two redis inputs and indexers two redis output (shuffling or not)
dottedmag
Infin1ty: as a matter of fact, I have two redis inputs.
One of them was misconfigured.
And Logstash started to complain about it.
And complained whole night, until logstash box halted.
I feel there is need for exponential backoff both in inputs and outputs.