#logstash

hi!

what exactly should I do if I configured an input(tcp,json) and output(elasticsearch) which works just fine and logstash is eating up all my messages with NO debugging output after I add a filter?

The logs are empty. No evidence of any configuration error. It silently drops everything. I'm using Logstash 1.4.2 on Ubuntu 14.04.

I even started logstash with --debug (from /etc/default/logstash)

This is my logstash configuration http://paste.debian.net/133891

Title: debian Pastezone (at paste.debian.net)

I mean - what is wrong? Why is there no logging if something does not work? It just eats my messages. The are gone! No evidence, they ever existed.

hjjg: You can start logstash with --debug for it to reveal the logic it's stepping through

hjjg: not sure why it's eating your messages, sorry it's causing you grief

attractiveape: I tried --debug and -vv. When logstash starts, there is more output in the logfile. But there are no entries as soon as I input data.

attractiveape: Also the stdout-Output is not working. Or I did not find the location of stdout from this daemon.

Exception in filterworker {"exception"=>#<NoMethodError: undefined method `&' for "sqli, id, lfi":String>, "backtrace"=>["/home/hg/logstash-1.4.2/lib/logstash/filters/base.rb:211:in `filter?'", "/home/hg/logstash-1.4.2/lib/logstash/filters/mutate.rb:204:in `filter'", "(eval):40:in `initialize'", "org/jruby/RubyProc.java:271:in `call'", "/home/hg/logstash-1.4.2/lib/logstash/pipeline.rb:262:in `filter'", ...

... "/home/hg/logstash-1.4.2/lib/logstash/pipeline.rb:203:in `filterworker'", "/home/hg/logstash-1.4.2/lib/logstash/pipeline.rb:143:in `start_filters'"], :level=>:error}

This is what you get if you download logstash as tar.gz and you run it with this command: bin/logstash -e 'input { tcp { type => "ids" port => 3333 format => "json" } } filter {geoip { type => "ids" add_tag => [ "geoip" ] source => "ip" } mutate { tags => [ "geoip" ] add_field => [ "coords", "%{geoip.longitude}", "tmplat", "%{geoip.latitude}" ] } } output { stdout { codec => rubydebug } }'

The packages for Ubuntu do not display this error.

upgraded to es 1.4.1 last night

after the new index was created an hour ago or so in utc catchall * searches don't seem to work

for the new index

work fine in old one though

oddly k4beta2 works too

hi anyone can help me with a kibana question?

better off in #kibana

but you can ask or don't expect an answer

Damm thank you

how about you just ask your question

Hi

anybody using logstash here?