#logstash

what's the recommended way to debug logstash, when the patterns are all confirmed to work, but i'm getting _grokparsefailure on everything when run in logstash?

i.e. the patterns are tested from the ruby repl with grok-pure, and work.

Hi All! I'm getting an error while trying to install the new x-pack addin for logstash 5.2.0

Am I missing something? I'm using logstash docker image (both normal and alpine give the error)

Never mind, found it in the logs. Need to change into root logstash directory

hey peeps, i'm getting this error: No Compatible Fields: The "MYINDEXSAMPLENAME-*" index pattern does not contain any of the following field types: geo_point

my geoip config looks like this

geoip { source => "originalIP" target => "geoip" database => "/elastic/logstash/db/GeoLite2-City.mmdb" add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ] add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ] } mutate { convert => [ "[geoip][coordinates]", "float"] }

I can indeed see that geoip fields are being added to the index

which one of the fields should be geo_point type?

nothau any help?

{:timestamp=>"2017-02-02T11:39:18.613000+0100", :message=>"Redis connection problem", :exception=>#<Redis::CommandError: ERR Error running script (call to f_3236c446d3b876265fe40ac665cb6dc17e6242b0): @user_script:3: @user_script: 3: -MISCONF Redis is configured to save RDB snapshots, but is currently not able to persist on disk. Commands that may modify the data set are disabled. Please check Redis logs for details about the error.>,

How is this possible? The disk itself is only at 23%

well, did you have a look at your redis log?

this is the redis log?

Xylakant:

Dirkos: what you posted looks like a logstash logfile

Xylakant: ah out of RAM

see, there you have your reason

guess there is too much going on at ELK

thanks

Morning folks

Looking to correctly document a logstash plugin I've written. I see that we use asciidoc to do this but I don't see a way to generate the asciidoc. I'd like to make sure it's done correctly... Any pointers?

what plugin did you wrote?

Just curious, but I can't help you

random666: well, I've written a few but this is the one I'm talking about currently: https://github.com/phutchins/logstash-filter-ku...

<http://tinyurl.com/h7j3nnr>; (at github.com)

It takes logs from Kubernetes and parses the metadata from the lgo file names and directories and adds fields with information about the pod, labels, etc... to the event.

Side note, anyone know sincedb well? Working on migrating a different plugin from using sqlite to sincedb and tryign to use logstash-input-file as an example but it looks like theres some magic going on...