If using Logstash, either alone or in cahoots with Elasticsearch, Kibana, Greylog,etc. make *damn* sure your syntax in /etc/logstash/conf.d/* is correct. See Logstash, when started, takes every file in that directory (whether a config file or not) and combines them into one large file to be processed. So you can't keep .old files in there like I tried :(
You might get an error either in the log or when starting manually that references a line # that makes you scratch your head. Mine mentioned an error on line 26. Well none of my files had that many lines alone.. but obviously when combined via cat /etc/logstash/conf.d/* > /tmp/total.cnf things made more sense.
No comments:
Post a Comment