Gem/Bundler errors while installing a new logstash filter

I am trying to install the logstash-filter-goaudit plugin on my kubernetes pod running logstash image: docker.elastic.co/logstash/logstash-oss:6.4.1 . We are still on ES 6.6 and am currently trying to onboard goaudit logs and handle the parsing using this filter. (GitHub - mwielgoszewski/logstash-filter-goaudit: A Logstash filter to parse go-audit json logs)

According to the setup instructions I tried to install bundler:

bash-4.2$ ruby -S gem install bundler
Fetching: bundler-2.2.25.gem (100%)
Successfully installed bundler-2.2.25

but for some reason it doesn't get detected by jruby:

bash-4.2$ ruby -S bundle install
jruby: No such file or directory -- bundle (LoadError)

I verified that bundler gem is installed and got the binary from the gems directory. So I went in the plugin directory and ran:

bash-4.2$ ruby -S /usr/share/logstash/vendor/bundle/jruby/2.3.0/bin/bundle install
Fetching gem metadata from https://rubygems.org/..........
Fetching version metadata from https://rubygems.org/...
Fetching dependency metadata from https://rubygems.org/..
Resolving dependencies...
Bundler could not find compatible versions for gem "logstash-core":
  In snapshot (Gemfile.lock):
    logstash-core (= 5.6.3)

  In Gemfile:
    logstash-filter-goaudit (>= 0) java depends on
      logstash-core-plugin-api (<= 2.99, >= 1.60) java depends on
        logstash-core (= 5.5.1.snapshot1) java

Running `bundle update` will rebuild your snapshot from scratch, using only
the gems in your Gemfile, which may resolve the conflict.

Gemfile looks like this:

bash-4.2$ cat Gemfile
source 'https://rubygems.org'

gemspec

logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"

if Dir.exist?(logstash_path) && use_logstash_source
  gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
  gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
end

I tried to set the LOGSTASH_SOURCE=1 and reran the bundle install. Got some more dependency issues:

bash-4.2$ ruby -S /usr/share/logstash/vendor/bundle/jruby/2.3.0/bin/bundle install
Fetching gem metadata from https://rubygems.org/........
Fetching version metadata from https://rubygems.org/...
Fetching dependency metadata from https://rubygems.org/..
Resolving dependencies...
Bundler could not find compatible versions for gem "minitar":
  In snapshot (Gemfile.lock):
    minitar (= 0.5.4)

  In Gemfile:
    minitar (>= 0) java

    logstash-core (>= 0) java depends on
      minitar (~> 0.6.1) java

Running `bundle update` will rebuild your snapshot from scratch, using only
the gems in your Gemfile, which may resolve the conflict.

Running bundle update also doesn't fix the issue:

Fetching gem metadata from https://rubygems.org/..........
Fetching version metadata from https://rubygems.org/...
Fetching dependency metadata from https://rubygems.org/..
Resolving dependencies..............................
Installing rake 13.0.6 (was 12.1.0)
Using numerizer 0.1.1
Using chronic_duration 0.10.6
Using clamp 0.6.5
Installing coderay 1.1.3 (was 1.1.2)
Installing concurrent-ruby 1.1.9 (was 1.0.5)
Installing diff-lcs 1.4.4 (was 1.3)
Installing multi_json 1.15.0 (was 1.12.2)
Using elasticsearch-api 5.0.5 (was 5.0.4)

Gem::RuntimeRequirementNotMetError: faraday-em_http requires Ruby version >= 2.4.0. The current ruby version is 2.3.0.
An error occurred while installing faraday-em_http (1.0.0), and Bundler cannot
continue.
Make sure that `gem install faraday-em_http -v '1.0.0'` succeeds before
bundling.

Complains about faraday gem which is not available for ruby < 2.4. I am running ruby 2.3 in this particular logstash image. Can someone please help me figure this out?

Thanks
-Aneesh

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.