logstash unexpected error: opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:72:in
regardfs opened this issue · 0 comments
For all general issues, please provide the following details for fast resolution:
- Version: 1:2.2.4-1
- Operating System: ubuntu 14.04
- Config File (if you have sensitive info, please remove it):
input {
file {
path => [ "/var/log/nginx/access.log" ]
start_position => "beginning"
type => "nginx"
}
}
filter {
if [type] == "nginx" {
grok {
patterns_dir => ["/opt/logstash/patterns"]
match => { "message" => "%{NGINXACCESS}" }
}
geoip {
source => "client_ip"
target => "geoip"
database => "/etc/logstash/GeoLiteCity.dat"
add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}" ]
}
mutate {
convert => [ "[geoip][coordinates]", "float" ]
convert => [ "response","integer" ]
convert => [ "bytes","integer" ]
replace => { "type" => "nginx_access" }
remove_field => "message"
}
date {
match => [ "timestamp","dd/MMM/yyyy:HH:mm:ss Z"]
}
mutate {
remove_field => "timestamp"
}
}
}
output {
if [type] == "nginx" {
elasticsearch {
hosts => ["172.17.8.101:9200"]
index => "nginx-access-%{+YYYY.MM.dd}"
}
}
}
- Sample Data:
172.17.8.1 - kibanaadmin [10/Feb/2017:17:05:27 +0000] "GET /elasticsearch/logstash-/_mapping/field/?_=1486746327641&ignore_unavailable=false&allow_no_indices=false&include_defaults=true HTTP/1.1" 404 162 "http://172.17.8.101:8001/app/kibana" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
- Steps to Reproduce:
when i config like above mentioned, it will generate error logs like below then logstash process hang and dead...
error log in /var/log/logstash/logstash.log:
{:timestamp=>"2017-02-10T17:38:09.516000+0000", :message=>"An unexpected error occurred!", :error=>#<ArgumentError: invalid byte sequence in UTF-8>, :class=>"ArgumentError", :backtrace=>["org/jruby/RubyRegexp.java:1657:in =~'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:72:in add_patterns_from_file'", "org/jruby/RubyIO.java:3542:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/jls-grok-0.11.2/lib/grok-pure.rb:70:in add_patterns_from_file'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:372:in add_patterns_from_files'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:368:in add_patterns_from_files'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:263:in register'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:259:in register'", "org/jruby/RubyHash.java:1342:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-grok-2.0.5/lib/logstash/filters/grok.rb:255:in register'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:174:in start_workers'", "org/jruby/RubyArray.java:1613:in each'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:174:in start_workers'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/pipeline.rb:126:in run'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/agent.rb:210:in execute'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/runner.rb:90:in run'", "org/jruby/RubyProc.java:281:in call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/logstash-core-2.2.4-java/lib/logstash/runner.rb:95:in run'", "org/jruby/RubyProc.java:281:in call'", "/opt/logstash/vendor/bundle/jruby/1.9/gems/stud-0.0.22/lib/stud/task.rb:24:in initialize'"], :level=>:warn}