I'm receiving the "Unable to configure plugins: (ConfigurationError) Something is wrong with your configuration." error message from a Logstash Elasticsearch filter. The filter is:
filter {
ruby {
# code to define [batch_info] fields
}
if [batch_info][event_kind] == "End" {
elasticsearch {
index => "spark-active-index"
hosts => ["${ELASTIC_HOSTS}"]
user => "${ELASTIC_USER}"
password => "${ELASTIC_PASSWORD}"
cacert => "certs/ca/ca.crt"
query => "batch_info.event_kind:Start AND batch_info.uid:%{[batch_info][start_uid]}"
fields => { "batch_info_start" => "batch_info_start" }
}
}
}
Oddly, I use a pretty much the same plugin configuration in the output section. The following works just fine without the filter:
output {
elasticsearch {
index => "spark-active-index"
hosts => ["${ELASTIC_HOSTS}"]
user => "${ELASTIC_USER}"
password => "${ELASTIC_PASSWORD}"
cacert => "/usr/share/logstash/certs/ca/ca.crt"
}
}
I've tried paring back the plugin configuration, in many different ways to isolate the issue, but to no avail. Either, I receive the same ConfigurationError or a different error because of a required configuration. For example, in some configurations if you omit the cacert configuration, you'll receive an error notifying to that effect. I've also tried literal values in place of the environment variables, but again to no avail. I also tried upgrading to the latest Logstash (v8.14.3), with no change in behaviors. Any pointers or suggestions would be appreciated.
The filter, above, is based of the example in Elasticsearch filter plugin. My overall Docker-Elastic environment is derived from Getting started with the Elastic Stack and Docker Compose: Part 1.