After Upgrade Logstash is running but not sending logs to elasticsearch

hello everyone,
After upgrading logstash from version 6.8 to 7.16.2, logstash is running but it didn't send logs to Elasticsearch. In the logfile of logstash server i have this error :

"[2022-01-03Tl3:50:23,910)[FATAL)[orq .loqstash .Loqstash J Loqstash stopped processing because ot an error : (SysternExit)exit"
"(2022-0l-03Tl3:50: 6, 96)(FATAL)(loo.std.sh.runner J An unexpected error occurred! (:error•>#<LooSta.5h::Error : Don't know how to handle 'Java ::OroLoostashSecretStore ::SecretStoreException::LoadException ·for 'Pipel1neAction: :Creat e ·> , :backt race•> ( ""oro/ loq.5ta5h /execu t ion/Convero-eRe.su ltEx t .j ava :135: in ·create 1 "", ""oro/ lOQ5ttl.5h /execu t1on/ConveroeRe5u ltEx t .java :60: in ·add'"", ""/usr I.share/ 100:1ta.sh / loo.sea.sh-core/ lib/ loc;i.sta.sh /ao-en t .rb: 396: 1n ·block 1n converoe_.stat eIti 1}"
"[2022-01-03Tl3:50:16,511](FATAL](orq.loqstash.Loqstash ]Logstash stopped proce.s.sing becau.se of an error: (SystemExit) exit"

please any suggestion to solve this issue ??
regards.

You need to share your full pipeline, maybe you are using a filter that does not exist anymore or was changed.

The exception is thrown by this method when it fails to load a Java keystore. It could be file access permissions, missing or incorrect password, or just that the file is not a JKS.

Note that if you upgraded to 7.16.2 then you are probably using a different JDK, since it is now bundled with logstash. I am uncertain if that could affect things, but you could set LS_JAVA_HOME to the old JDK and see if that changes the behaviour.

This issue has some additional comments.

how can i resolve that exactly (im using linux redhat 7) ? steps please ?

pipeline is the filters ? please what is exactly pipeline?

Pipeline is your entire configuration, your file with the input, filters and output.

In directory /etc/logstash/conf.d/ i have 3 input files :

000-input-syslog.conf :

input {
        udp {
        port => 1514
        type => syslog
      }
}

001-input-beat.conf :

input {
        beats {
        port => 5044
      }
}

70-kaspersky-input.conf

and i have 14 filters ; note that i don't use anymore 2 filters !

and one output to Elasticsearch :

output {
  if [indexName]{
  elasticsearch { hosts => ["172.19.19.9:9200"]
  index => "%{indexName}-%{+YYYY.MM.dd}"
  manage_template => false }
  }
  else{
  elasticsearch { hosts => ["172.19.19.9:9200"]
  index => "logstash-bulk-%{+YYYY.MM.dd}"
  manage_template => false }
  }
}

the original error in the image above :point_up_2:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.