Illegal character in authority at index 8:

I am using logstash 7.8 and am seeing this error while using the elasticsearch filter:

:error=>"Illegal character in authority at index 8: https://{:host=>\"fqdn.here.com\", :scheme=>\"https\", :protocol=>\"https\", :port=>9200}:9200/data-activedirectory-2020
snip

what does this mean?
The config part

elasticsearch {
    hosts => ['FQDN.com']
    ssl => true
    ca_file => "/opt/logstash/certs/FILE.crt"
    user => "username"
    password => "pASS"
    index => "data-activedirectory-2020"
    query =>  "sAMAccountName:%{[user]}"
    fields => { "title" => "title" "department" => "department" "division" => "division" }
    }

Whilst building the URI to use in the query it has used

{:host=>\"fqdn.here.com\", :scheme=>\"https\", :protocol=>\"https\", :port=>9200}

as the hostname, resulting in an invalid character (the open brace "{") after the first 8 characters of the URI (https://).

That suggests that the value of the hosts option is not what you think it is.

I am not seeing any issues or missing braces anywhere. I will restart in debug after tonights file processing completes.

odd with the repeated hosts

[2020-08-05T01:05:48,375][INFO ][logstash.filters.elasticsearch] New ElasticSearch filter client {:hosts=>[{:host=>{:host=>"usbbcssa0001.corp.inbaxalta.com", :scheme=>"https", :protocol=>"https", :port=>9200}, :scheme=>"https"}]}

I think you've run into an issue that seems to have been open for a while…

I did run across that and indeed one of my config from something I was testing in Febuary has the ssl => true commented out and the https in the hosts section. I started with that type of config but when I use it logstash will not start.

What error message do you get?

[2020-08-05T02:59:35,888][ERROR][logstash.javapipeline    ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Manticore::SocketException: Connection refused (Connection refused)>, :backtrace=>["/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in `block in initialize'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:in `call'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:274:in `call_once'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:158:in `code'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/manticore.rb:84:in `block in perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/base.rb:262:in `perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/manticore.rb:67:in `perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/client.rb:131:in `perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-api-5.0.5/lib/elasticsearch/api/actions/ping.rb:20:in `ping'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-elasticsearch-3.7.1/lib/logstash/filters/elasticsearch.rb:270:in `test_connection!'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-elasticsearch-3.7.1/lib/logstash/filters/elasticsearch.rb:92:in `register'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:75:in `register'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:216:in `block in register_plugins'", "org/jruby/RubyArray.java:1809:in `each'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:215:in `register_plugins'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:520:in `maybe_setup_out_plugins'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:228:in `start_workers'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:170:in `run'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:125:in `block in start'"], "pipeline.sources"=>["/opt/logstash/MetricsResilientandVaronis/conf.d/resilient.conf"], :thread=>"#<Thread:0x5f30b9c run>"}
[2020-08-05T02:59:35,908][ERROR][logstash.agent           ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[2020-08-05T02:59:36,099][INFO ][logstash.runner          ] Logstash shut down.

I missed one line.

[2020-08-05T02:59:35,786][INFO ][logstash.filters.elasticsearch] New ElasticSearch filter client {:hosts=>["https://usbbcssa0001.corp.inbaxalta.com"]}
[2020-08-05T02:59:35,888][ERROR][logstash.javapipeline    ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Manticore::SocketException: Connection refused (Connection refused)>, :backtrace=>["/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in `block in initialize'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:in `call'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:274:in `call_once'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:158:in `code'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/manticore.rb:84:in `block in perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/base.rb:262:in `perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/manticore.rb:67:in `perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/client.rb:131:in `perform_request'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/elasticsearch-api-5.0.5/lib/elasticsearch/api/actions/ping.rb:20:in `ping'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-elasticsearch-3.7.1/lib/logstash/filters/elasticsearch.rb:270:in `test_connection!'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/vendor/bundle/jruby/2.5.0/gems/logstash-filter-elasticsearch-3.7.1/lib/logstash/filters/elasticsearch.rb:92:in `register'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:75:in `register'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:216:in `block in register_plugins'", "org/jruby/RubyArray.java:1809:in `each'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:215:in `register_plugins'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:520:in `maybe_setup_out_plugins'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:228:in `start_workers'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:170:in `run'", "/opt/logstash/MetricsResilientandVaronis/logstash-7.8.0/logstash-core/lib/logstash/java_pipeline.rb:125:in `block in start'"], "pipeline.sources"=>["/opt/logstash/MetricsResilientandVaronis/conf.d/resilient.conf"], :thread=>"#<Thread:0x5f30b9c run>"}
[2020-08-05T02:59:35,908][ERROR][logstash.agent           ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[2020-08-05T02:59:36,099][INFO ][logstash.runner          ] Logstash shut down.

But you have made sure that you can connect to ES from this server (e.g. with Curl), that it's definitely only Logstash that has the connection issues?

(You can just edit your response if you have to correct something ;))

Yes, The same config that I am doing the lookup from is also writing the event to ES. I have also tested with CURL.

Hm. Unfortunately no other workaround comes to my mind. Hopefully someone else knows more.

at some point I had removed the :9200 from the hosts line. When I put that back logstash starts and actually runs the lookup.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.