Error start logstash after update from 5.4.3 to 5.5

Elastic Stack Logstash
1

Hi,

I updated my elastic stask from 5.4.3 to 5.5.0. When i start logstash, i got some error

Data flow : Log -> logstash collector(v5.5) -> RabbitMQ (v3.6.1) -> Logstash proccessor (filter)(v5.5) -> ES(v5.5)

This is error log from logstash processor.

Logstash proccessor error

My logstash proccess config

input {
rabbitmq {
host => "10.1.6.244"
queue => "logstash-queue"
key => "logstash-key"
exchange => "logstash"
threads => 5
exclusive => false
prefetch_count => 256
vhost => "elastic-stack"
port => 5677
user => "logstash"
password => "password"
}

}

output {
elasticsearch {
hosts => ["https://10.1.6.196:9200", "https://10.1.6.197:9200", "https://10.1.6.198:9200"]
user => "myuser"
cacert => "/etc/logstash/ca.pem"
ssl => true
password => "mypassword"
manage_template => false
flush_size => 5000
index => "%{beatname}-%{+xxxx.ww}"
document_type => "%{beattype}"
}
}

And here is log logstash collector

https://pastebin.com/qsJA5YQN

my logstash collector config

input {
beats {
port => 5044
}
}
filter {
if [type] == "wineventlog" and [event_id] == 5156 {
drop { }
}
mutate {
add_field => {"beatname" => "%{[@metadata][beat]}"}
add_field => {"beattype" => "%{[@metadata][type]}"}
}
}

output {
rabbitmq {
exchange => "logstash"
exchange_type => "direct"
key => "logstash-key"
host => "10.1.6.244"
vhost => "elastic-stack"
durable => true
persistent => true
port => 5677
user => "logstash"
password => "password"
}
}

Before update to V5.5, it's woking with my config, no problem.
Thanks!

2

I can't repro that error with the test configs you've posted. I suspect that the bug is related to the actual username/password. Can you repro the errors with the test configs you've posted?

3

Also, I'm noting that you have an ES error in your collector config, even though you aren't using ES there. Do you have xpack enabled and sending stats to Elasticsearch? I'm thinking the bug could be related to your xpack username / password. Do you use unusual formatting of either field?

4

This appears to be a difference in escape handling in explicit usernames.

5

Made an issue to track this https://github.com/logstash-plugins/logstash-output-elasticsearch/issues/618

1 Like
6

Yeah,
I enabled xpack and sending stats to ES.

i changed password (no special character) and it's worked.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.