Logstash crash


I recently tried building a Logstash server following the articles below. I was able to get the service deployed and configured; however, I see the following error, and the service seems to be crashing and rebooting every few minutes.

I'm not too familiar with Logstash; any help would be appreciated.

https://techcommunity.microsoft.com/t5/azure-sentinel/scaling-up-syslog-cef-collection/ba-p/1185854

https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/Logstash-VMSS

[Image: ehloworldio_0-1585800109641.png]

1 Reply

@ehloworldio The Logstash output indicates an error in your Logstash configuration file, most likely a missing square bracket (though that could be the effect of some other issue). Did you use the exact configuration that is shown in the article? If you provide the config file I can take a look.

[Image: AdiGrio_0-1586310116089.png]