I am learning ELK and I am stucked in logstash. My Elastic and Kibana are running. But when I am trying ot Logstash, my pipeline is not getting started. I am running following commands
cd /usr/share/logstash/bin
./logstash -e 'input { stdin { } } output { stdout {} }'
In Elastic Documentation (https://www.elastic.co/guide/en/logstash/current/first-event.html) they've written :
After starting Logstash, wait until you see "Pipeline main started" and then enter hello world at the command prompt.
But when I am running the above commands, I am not getting any output saying "Pipeline main started" . The putput I 'm getting is :
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
FATAL] 2020-10-04 20:16:56.659 [main] runner - An unexpected error occurred! {:error=>#<ArgumentError: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.>,
[ERROR] 2020-10-04 20:16:56.715 [main] Logstash - java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit
After this error I tried changing the permisions by following :
$ chown -R logstash.logstash /usr/share/logstash
$ chmod 777 /usr/share/logstash/data
I'm getting below error
chown: changing ownership of '/var/log/logstash': Operation not permitted
can anyone please help me out ?
Thanks in advance!
if you are running logstash instance as logstash user then you can change the ownership of logstash directory
sudo chown -R logstash.logstash /usr/share/logstash
or else you can run logstash with sudo privilege
sudo ./logstash -e 'input { stdin { } } output { stdout {} }'