Logstash 7.16.2(fixed Log4j2 Vulnerability) connected to ElasticSearch 7.6.2 failed

swxEmily · December 27, 2021, 2:39am

Third party Elasticsearch: 7.6.2
Logstash: updated from 7.10.1 to 7.16.2(fixed Log4j2 Vulnerability)

logstash.conf:
output {
Elasticsearch{
hosts => ["https://10.33.27.xxx:9200","https://10.33.27.xxy:9200","https://10.33.27.xxz:9200"]
user => "admin"
password => "xxxxx"
cacert => "xxxxx"
ilm_enabled => false
index => "xxxx-%{+YYYY.MM.dd}"
manage_template => true
template_overwrite => true
template_name => "xxxx_template"
}
}

It works fine when logstash version is 7.10.1
After upgrade to 7.16.2, get the error:

[2021-12-27T09:44:20,042][ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>"main", :exception=>#<LogStash::ConfigurationError: Could not connect to a compatible version of Elasticsearch>, :backtrace=>["/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:247:in block in healthcheck!'", "org/jruby/RubyHash.java:1415:in each'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:240:in healthcheck!'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:374:in update_urls'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:89:in update_initial_urls'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:83:in start'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client.rb:359:in build_pool'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client.rb:63:in initialize'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/outputs/Elasticsearch/http_client_builder.rb:106:in create_http_client'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:102:in build'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-11.2.3-java/lib/logstash/plugin_mixins/Elasticsearch/common.rb:34:in build_client'", "/home/test/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.2.3-java/lib/logstash/outputs/elasticsearch.rb:275:in register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:131:in register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in register'", "/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:232:in block in register_plugins'", "org/jruby/RubyArray.java:1821:in each'", "/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:231:in register_plugins'", "/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:589:in maybe_setup_out_plugins'", "/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:244:in start_workers'", "/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:189:in run'", "/home/test/logstash/logstash-core/lib/logstash/java_pipeline.rb:141:in `block in start'"], "pipeline.sources"=>["/home/test/conf/logstash.conf"], :thread=>"#<Thread:0x3a3c3828 run>"}
[2021-12-27T09:44:20,053][INFO ][logstash.javapipeline ][main] Pipeline terminated {"pipeline.id"=>"main"}
[2021-12-27T09:44:20,078][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
[2021-12-27T09:44:20,188][INFO ][logstash.runner ] Logstash shut down.
[2021-12-27T09:44:20,201][FATAL][org.logstash.Logstash ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:747) ~[jruby-complete-9.2.20.1.jar:?]
at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:710) ~[jruby-complete-9.2.20.1.jar:?]
at home.test.logstash.lib.bootstrap.environment.(/home/test/logstash/lib/bootstrap/environment.rb:94) ~[?:?]

Badger · December 27, 2021, 2:55am

That might be this issue. With 7.15 OSS stopped being a drop-in replacement for Elastic.

swxEmily · December 27, 2021, 4:22am

swxEmily · December 27, 2021, 4:24am

download logstash-oss-with-opensearch-output-plugin-7.16.2-linux-x64.tar.gz from Opensearch 1.2.3 · OpenSearch
change the logstash.conf:
output {
opensearch{
hosts => ["https://10.33.27.xxx:9200","https://10.33.27.xxy:9200","https://10.33.27.xxz:9200"]
user => "admin"
password => "xxxxx"
cacert => "xxxxx"
index => "xxxx-%{+YYYY.MM.dd}"
manage_template => true
template_overwrite => true
template_name => "xxxx_template"
}
}

now it works fine.
Thanks

system · January 24, 2022, 4:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.