After Upgrade Logstash is running but not sending logs to elasticsearch

Othmane_CHHAIBI · January 13, 2022, 7:40pm

hello everyone,
After upgrading logstash from version 6.8 to 7.16.2, logstash is running but it didn't send logs to Elasticsearch. In the logfile of logstash server i have this error :

"[2022-01-03Tl3:50:23,910)[FATAL)[orq .loqstash .Loqstash J Loqstash stopped processing because ot an error : (SysternExit)exit"
"(2022-0l-03Tl3:50: 6, 96)(FATAL)(loo.std.sh.runner J An unexpected error occurred! (:error•>#<LooSta.5h::Error : Don't know how to handle 'Java ::OroLoostashSecretStore ::SecretStoreException::LoadException ·for 'Pipel1neAction: :Creat e ·> , :backt race•> ( ""oro/ loq.5ta5h /execu t ion/Convero-eRe.su ltEx t .j ava :135: in ·create 1 "", ""oro/ lOQ5ttl.5h /execu t1on/ConveroeRe5u ltEx t .java :60: in ·add'"", ""/usr I.share/ 100:1ta.sh / loo.sea.sh-core/ lib/ loc;i.sta.sh /ao-en t .rb: 396: 1n ·block 1n converoe_.stat eIti 1}"
"[2022-01-03Tl3:50:16,511](FATAL](orq.loqstash.Loqstash ]Logstash stopped proce.s.sing becau.se of an error: (SystemExit) exit"

please any suggestion to solve this issue ??
regards.

leandrojmp · January 13, 2022, 7:48pm

You need to share your full pipeline, maybe you are using a filter that does not exist anymore or was changed.

Badger · January 13, 2022, 11:12pm

The exception is thrown by this method when it fails to load a Java keystore. It could be file access permissions, missing or incorrect password, or just that the file is not a JKS.

Note that if you upgraded to 7.16.2 then you are probably using a different JDK, since it is now bundled with logstash. I am uncertain if that could affect things, but you could set LS_JAVA_HOME to the old JDK and see if that changes the behaviour.

This issue has some additional comments.

Othmane_CHHAIBI · January 17, 2022, 10:23am

how can i resolve that exactly (im using linux redhat 7) ? steps please ?

Othmane_CHHAIBI · January 17, 2022, 10:25am

pipeline is the filters ? please what is exactly pipeline?

leandrojmp · January 17, 2022, 1:04pm

Pipeline is your entire configuration, your file with the input, filters and output.

Othmane_CHHAIBI · January 17, 2022, 4:17pm

In directory /etc/logstash/conf.d/ i have 3 input files :

000-input-syslog.conf :

input {
        udp {
        port => 1514
        type => syslog
      }
}

001-input-beat.conf :

input {
        beats {
        port => 5044
      }
}

70-kaspersky-input.conf

and i have 14 filters ; note that i don't use anymore 2 filters !

and one output to Elasticsearch :

output {
  if [indexName]{
  elasticsearch { hosts => ["172.19.19.9:9200"]
  index => "%{indexName}-%{+YYYY.MM.dd}"
  manage_template => false }
  }
  else{
  elasticsearch { hosts => ["172.19.19.9:9200"]
  index => "logstash-bulk-%{+YYYY.MM.dd}"
  manage_template => false }
  }
}

Othmane_CHHAIBI · January 17, 2022, 4:19pm

the original error in the image above

system · February 14, 2022, 4:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash didn't send logs to Elasticsearch after upgrade Logstash	3	576	April 13, 2022
Logstash is running but not sending logs to elasticsearch Logstash	2	315	February 1, 2022
Logstash not start after upgrade to new version Logstash	10	8276	January 27, 2022
ELK Stack upgraded, and logstash is not sending data to elasticsearch Logstash	5	1565	July 6, 2017
Logstash wont work after upgrading Logstash	2	866	January 31, 2022

After Upgrade Logstash is running but not sending logs to elasticsearch

Related Topics