Input Thread Exception


Somehow after getting Logstash to run and connect with my Elastic Search instance, this warning/error keeps popping up:

jon1984@ubuntu:~/Applications/logstash_conf$ java -jar logstash-1.1.0-monolithic.jar agent -f agent-server.conf
I, [2012-02-19T22:33:21.493000 #5987] INFO – : Using beta plugin 'amqp'. For more information about plugin statuses, see {"timestamp":"2012-02-19T22:33:21.473000 -0800","message":"Using beta plugin 'amqp'. For more information about plugin statuses, see ","level":"info"}
W, [2012-02-19T22:33:23.560000 #5987] WARN – : Input thread exception {"timestamp":"2012-02-19T22:33:23.556000 -0800","plugin":"LogStash::Inputs::Amqp: {\"type\"=>\"apache-access\", \"host\"=>\"\", \"exchange\"=>\"fanout\", \"name\"=>\"rawlogs\", \"debug\"=>false, \"add_field\"=>{}, \"port\"=>5672, \"user\"=>\"guest\", \"password\"=><password>, \"key\"=>\"logstash\", \"vhost\"=>\"/\", \"passive\"=>false, \"durable\"=>false, \"auto_delete\"=>true, \"exclusive\"=>true, \"prefetch_count\"=>1, \"ack\"=>true, \"ssl\"=>false, \"verify_ssl\"=>false}","exception":"Error Reply Code: 406\nError Reply Text: PRECONDITION_FAILED - parameters for queue 'rawlogs' in vhost '/' not equivalent","backtrace":["file:/home/jon1984/Applications/logstash_conf/logstash-1.1.0-monolithic.jar!/gems/bunny-0.7.8/lib/bunny/client08.rb:78:in `check_response'","file:/home/jon1984/Applications/logstash_conf/logstash-1.1.0-monolithic.jar!/gems/bunny-0.7.8/lib/bunny/queue08.rb:46:in `initialize'","file:/home/jon1984/Applications/logstash_conf/logstash-1.1.0-monolithic.jar!/gems/bunny-0.7.8/lib/bunny/client08.rb:294:in `queue'","file:/home/jon1984/Applications/logstash_conf/logstash-1.1.0-monolithic.jar!/logstash/inputs/amqp.rb:118:in `run'","file:/home/jon1984/Applications/logstash_conf/logstash-1.1.0-monolithic.jar!/logstash/agent.rb:631:in `run_input'","file:/home/jon1984/Applications/logstash_conf/logstash-1.1.0-monolithic.jar!/logstash/agent.rb:322:in `start_input'"],"message":"Input thread exception","level":"warn"}
E, [2012-02-19T22:33:23.569000 #5987] ERROR – : Restarting input due to exception {"timestamp":"2012-02-19T22:33:23.561000 -0800","plugin":"LogStash::Inputs::Amqp: {\"type\"=>\"apache-access\", \"host\"=>\"\", \"exchange\"=>\"fanout\", \"name\"=>\"rawlogs\", \"debug\"=>false, \"add_field\"=>{}, \"port\"=>5672, \"user\"=>\"guest\", \"password\"=><password>, \"key\"=>\"logstash\", \"vhost\"=>\"/\", \"passive\"=>false, \"durable\"=>false, \"auto_delete\"=>true, \"exclusive\"=>true, \"prefetch_count\"=>1, \"ack\"=>true, \"ssl\"=>false, \"verify_ssl\"=>false}","message":"Restarting input due to exception","level":"error"}

My config file is as such:
input {
  amqp {
    # ship logs to the 'rawlogs' fanout queue.
    # type => "all"
    type => "apache-access"
    host => ""
    exchange => "fanout"
    name => "rawlogs"
  }
  #amqp {
  # ship logs to the 'rawlogs' fanout queue.
  # type => "all"
  #type => "apache-access"
  # host => ""
  # port => "5672"
  # exchange_type => "fanout"
  # name => "rawlogs"
}

filter {
  grok {
    type => "syslog" # for logs of type "syslog"
    pattern => "%{SYSLOGLINE}"
    # You can specify multiple 'pattern' lines
  }
  grok {
    type => "apache-access" # for logs of type 'apache-access'
  }
  date {
    type => "syslog"
    # The 'timestamp' and 'timestamp8601' names are for fields in the
    # logstash event. The 'SYSLOGLINE' grok pattern above includes a field
    # named 'timestamp' that is set to the normal syslog timestamp if it
    # exists in the event.
    timestamp => "MMM d HH:mm:ss" # syslog 'day' value can be space-leading
    timestamp => "MMM dd HH:mm:ss"
    timestamp8601 => ISO8601 # Some syslogs use ISO8601 time format
  }
  date {
    type => "apache-access"
    timestamp => "dd/MMM/yyyy:HH:mm:ss Z"
  }
}

output {
  stdout { }
  # If your elasticsearch server is discoverable with multicast, use this:
  # elasticsearch { }
  # If you can't discover using multicast, set the address explicitly
  elasticsearch {
    host => ""
    port => "9300"
    cluster => "elasticsearch"
  }
  #elasticsearch { embedded => true }
}

Somehow there is something wrong with the format of the date that is causing some error. I have followed the instructions found in in regards to the date format, so could anybody help me out to see what exactly is wrong?

Thanks so much!



Logstash Developers


Jonathan Moo