Jun 12, 2020, 09:30 AM
[2020-06-12T11:07:27,476][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.7.1"}
[2020-06-12T11:07:33,217][INFO ][org.reflections.Reflections] Reflections took 217 ms to scan 1 urls, producing 21 keys and 41 values
[2020-06-12T11:07:36,366][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2020-06-12T11:07:36,799][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2020-06-12T11:07:36,940][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2020-06-12T11:07:36,970][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2020-06-12T11:07:37,157][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200"]}
[2020-06-12T11:07:37,231][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}
[2020-06-12T11:07:37,370][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-ASN.mmdb"}
[2020-06-12T11:07:37,476][INFO ][logstash.outputs.elasticsearch][main] Using mapping template from {:path=>"/etc/logstash/conf.d/templates/pf-geoip-template.json"}
[2020-06-12T11:07:37,565][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-ASN.mmdb"}
[2020-06-12T11:07:37,748][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"pf-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>2}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"destination"=>{"properties"=>{"geo"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}, "as"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}, "source"=>{"properties"=>{"geo"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}, "as"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}}
[2020-06-12T11:07:38,046][INFO ][logstash.filters.geoip ][main] Using geoip database {:path=>"/usr/share/GeoIP/GeoLite2-City.mmdb"}
[2020-06-12T11:07:38,229][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.specialized.RubyArrayOneObject) has been created for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[2020-06-12T11:07:38,242][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>250, "pipeline.sources"=>["/etc/logstash/conf.d/01-inputs.conf", "/etc/logstash/conf.d/05-firewall.conf", "/etc/logstash/conf.d/30-geoip.conf", "/etc/logstash/conf.d/35-rules-desc.conf", "/etc/logstash/conf.d/50-outputs.conf"], :thread=>"#<Thread:0x5f39691f run>"}
[2020-06-12T11:07:43,755][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2020-06-12T11:07:43,884][INFO ][logstash.inputs.udp ][main][5c44a4cf9bcf20e1581c3831fe6ca4e6632301642709b37c7f32fda819a27f2a] Starting UDP listener {:address=>"0.0.0.0:5140"}
[2020-06-12T11:07:43,899][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-06-12T11:07:44,046][INFO ][logstash.inputs.udp ][main][5c44a4cf9bcf20e1581c3831fe6ca4e6632301642709b37c7f32fda819a27f2a] UDP listener started {:address=>"0.0.0.0:5140", :receive_buffer_bytes=>"106496", :queue_size=>"2000"}
[2020-06-12T11:07:44,214][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}