Logstash and elasticsearch certification issue

manasa3 · November 7, 2022, 11:21am

below is the configuration of our conf file

input {
file {
path => "C:\Users\Windows\Documents\elk\mule.csv"
start_position => "beginning"
}
}
filter {
csv {
columns => ["Title", "Author", "ID","Pages"]
separator => ","
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => ["https://localhost:9200"]
index => "book_details"
user => "elastic"
password => "aFPcfF66jWYl_M6gf7q8"
}
}

below is the information of csv file

Title,Author,ID,Pages
Animal farm, George,045,268
Brave New World, Aldous,342,144
Walden, Henry,978,301
Wuthering Heights, Emily,556,416

grumo35 · November 7, 2022, 4:05pm

Hi,

Can you please show the cluster configuration ? And explain to us how did you followed the security guidelines about encryption and security ( mostly related to certificates ) ?

I'm not able to help since i dont have your setup but my guess is that you need to trust your custom CA or to setup SSL/TLS in unsafe mode ? ( not sure since i have no clue about your setup )

PS: you can put logs into preformatted text, please try to follow the forum posting guidelines aswell

manasa3 · November 8, 2022, 6:53am

Hi,
We are using 8.0 version of Elasticsearch, Kibana & Logstash.
Did not manually configured any certificate or key.
All the certificate configuration was automatic.
Attaching Elasticsearch Cluster output.
</>
{
"name" : "TV-Manasa-Windo",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "NHCZiLskSbq5vXMo8DLTvA",
"version" : {
"number" : "8.0.0",
"build_flavor" : "default",
"build_type" : "zip",
"build_hash" : "1b6a7ece17463df5ff54a3e1302d825889aa1161",
"build_date" : "2022-02-03T16:47:57.507843096Z",
"build_snapshot" : false,
"lucene_version" : "9.0.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
</>
In Elasticsearch we are getting " http client did not trust this server's certificate, closing connection" error but still I'm able to access ES in URL and also able to access Kibana.
I have created conf file, configuration as below.
</>
input {
file {
path => "C:\Users\Windows\Documents\elk\mule.csv"
start_position => "beginning"
}
}
filter {
csv {
columns => ["Title", "Author", "ID","Pages"]
separator => ","
}
}
output {
stdout { codec => rubydebug }
elasticsearch {
hosts => ["https://localhost:9200"]
index => "book_details"
user => "elastic"
password => "password"
}
}
</>
Password used in the configuration is auto generated in ES.

manasa3 · November 8, 2022, 6:58am

Hi i also attaching the log files

[2022-11-08T04:26:40,129][INFO ][logstash.runner          ] Log4j configuration path used is: C:\Users\Windows\Documents\elk\logstash-8.0.0\config\log4j2.properties
[2022-11-08T04:26:40,145][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"8.0.0", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.13+8 on 11.0.13+8 +indy +jit [mswin32-x86_64]"}
[2022-11-08T04:26:40,145][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED]
[2022-11-08T04:26:40,332][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-11-08T04:26:46,871][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2022-11-08T04:26:48,460][INFO ][org.reflections.Reflections] Reflections took 181 ms to scan 1 urls, producing 120 keys and 417 values 
[2022-11-08T04:26:51,477][INFO ][logstash.javapipeline    ] Pipeline `main` is configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this pipeline will default to `ecs_compatibility => v8` unless explicitly configured otherwise.
[2022-11-08T04:26:51,523][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["https://localhost:9200"]}
[2022-11-08T04:26:52,200][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@localhost:9200/]}}
[2022-11-08T04:26:53,251][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-08T04:26:53,263][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2022-11-08T04:26:53,306][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-11-08T04:26:53,308][WARN ][logstash.outputs.elasticsearch][main] Elasticsearch Output configured with `ecs_compatibility => v8`, which resolved to an UNRELEASED preview of version 8.0.0 of the Elastic Common Schema. Once ECS v8 and an updated release of this plugin are publicly available, you will need to update this plugin to resolve this warning.
[2022-11-08T04:26:53,319][INFO ][logstash.filters.csv     ][main] ECS compatibility is enabled but `target` option was not specified. This may cause fields to be set at the top-level of the event where they are likely to clash with the Elastic Common Schema. It is recommended to set the `target` option to avoid potential schema conflicts (if your data is ECS compliant or non-conflicting, feel free to ignore this message)
[2022-11-08T04:26:53,378][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["C:/Users/Windows/Documents/elk/logstash-8.0.0/config/mule.conf"], :thread=>"#<Thread:0x6bd29eb8 run>"}
[2022-11-08T04:26:55,141][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>1.76}
[2022-11-08T04:26:58,382][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-08T04:26:58,386][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

Badger · November 8, 2022, 5:41pm

A backslash in the path option of a file input is treated as an escape, so your file input will be waiting for something to be written to

C:UsersWindowsDocumentselkmule.csv

Change it to forward slash. I cannot read any of the images you posted so I have no idea what errors you are getting. Please post text instead.

manasa3 · November 9, 2022, 5:16am

Hi below is the configuration and output of elasticsearch
In Elasticsearch we are getting " http client did not trust this server's certificate, closing connection" error but still I'm able to access ES in URL and also able to access Kibana.

configuration

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 192.168.0.1
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 08-11-2022 05:30:33
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["TV-Manasa-Windo"]

# Allow HTTP API connections from localhost and local networks
# Connections are encrypted and require user authentication
http.host: [_local_, _site_]

# Allow other nodes to join the cluster from localhost and local networks
# Connections are encrypted and mutually authenticated
#transport.host: [_local_, _site_]

elastic output

warning: ignoring JAVA_HOME=C:\Program Files\Java\jdk-17.0.5; using bundled JDK
warning: ignoring JAVA_HOME=C:\Program Files\Java\jdk-17.0.5; using ES_JAVA_HOME
[2022-11-09T04:50:56,878][INFO ][o.e.n.Node               ] [TV-Manasa-Windo] version[8.0.0], pid[4860], build[default/zip/1b6a7ece17463df5ff54a3e1302d825889aa1161/2022-02-03T16:47:57.507843096Z], OS[Windows Server 2019/10.0/amd64], JVM[Eclipse Adoptium/OpenJDK 64-Bit Server VM/17.0.1/17.0.1+12]
[2022-11-09T04:50:56,878][INFO ][o.e.n.Node               ] [TV-Manasa-Windo] JVM home [C:\Users\Windows\Downloads\elasticsearch-8.0.0-windows-x86_64\elasticsearch-8.0.0\jdk], using bundled JDK [true]
[2022-11-09T04:50:56,878][INFO ][o.e.n.Node               ] [TV-Manasa-Windo] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -XX:+ShowCodeDetailsInExceptionMessages, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=ALL-UNNAMED, -XX:+UseG1GC, -Djava.io.tmpdir=C:\Users\Windows\AppData\Local\Temp\2\elasticsearch, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m, -Xms8191m, -Xmx8191m, -XX:MaxDirectMemorySize=4294967296, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=25, -Delasticsearch, -Des.path.home=C:\Users\Windows\Downloads\elasticsearch-8.0.0-windows-x86_64\elasticsearch-8.0.0, -Des.path.conf=C:\Users\Windows\Downloads\elasticsearch-8.0.0-windows-x86_64\elasticsearch-8.0.0\config, -Des.distribution.flavor=default, -Des.distribution.type=zip, -Des.bundled_jdk=true]
[2022-11-09T04:50:58,877][WARN ][stderr                   ] [TV-Manasa-Windo] SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
[2022-11-09T04:50:58,893][WARN ][stderr                   ] [TV-Manasa-Windo] SLF4J: Defaulting to no-operation (NOP) logger implementation
[2022-11-09T04:50:58,893][WARN ][stderr                   ] [TV-Manasa-Windo] SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [aggs-matrix-stats]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [analysis-common]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [constant-keyword]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [frozen-indices]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [ingest-common]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [ingest-geoip]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [ingest-user-agent]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [kibana]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [lang-expression]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [lang-mustache]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [lang-painless]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [legacy-geo]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [mapper-extras]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [mapper-version]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [parent-join]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [percolator]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [rank-eval]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [reindex]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [repositories-metering-api]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [repository-azure]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [repository-encrypted]
[2022-11-09T04:51:00,330][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [repository-gcs]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [repository-s3]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [repository-url]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [runtime-fields-common]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [search-business-rules]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [searchable-snapshots]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [snapshot-based-recoveries]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [snapshot-repo-test-kit]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [spatial]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [transform]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [transport-netty4]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [unsigned-long]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [vector-tile]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [vectors]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [wildcard]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-aggregate-metric]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-analytics]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-async]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-async-search]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-autoscaling]
[2022-11-09T04:51:00,346][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-ccr]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-core]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-data-streams]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-deprecation]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-enrich]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-eql]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-fleet]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-graph]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-identity-provider]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-ilm]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-logstash]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-ml]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-monitoring]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-ql]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-rollup]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-security]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-shutdown]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-sql]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-stack]
[2022-11-09T04:51:00,362][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-text-structure]
[2022-11-09T04:51:00,377][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-voting-only-node]
[2022-11-09T04:51:00,377][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] loaded module [x-pack-watcher]
[2022-11-09T04:51:00,377][INFO ][o.e.p.PluginsService     ] [TV-Manasa-Windo] no plugins loaded
[2022-11-09T04:51:00,534][INFO ][o.e.e.NodeEnvironment    ] [TV-Manasa-Windo] using [1] data paths, mounts [[Windows (C:)]], net usable_space [96.7gb], net total_space [126.4gb], types [NTFS]
[2022-11-09T04:51:00,534][INFO ][o.e.e.NodeEnvironment    ] [TV-Manasa-Windo] heap size [8gb], compressed ordinary object pointers [true]
[2022-11-09T04:51:00,643][INFO ][o.e.n.Node               ] [TV-Manasa-Windo] node name [TV-Manasa-Windo], node ID [-3E45raZR6mKzyMbMA2uzg], cluster name [elasticsearch], roles [master, data_warm, data_content, transform, data_hot, ml, data_frozen, ingest, data_cold, data, remote_cluster_client]
[2022-11-09T04:51:05,189][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [TV-Manasa-Windo] [controller/8096] [Main.cc@123] controller (64 bit): Version 8.0.0 (Build 5e85495ea85316) Copyright (c) 2022 Elasticsearch BV
[2022-11-09T04:51:05,970][INFO ][o.e.x.s.Security         ] [TV-Manasa-Windo] Security is enabled
[2022-11-09T04:51:06,408][INFO ][o.e.x.s.a.Realms         ] [TV-Manasa-Windo] license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]
[2022-11-09T04:51:06,408][INFO ][o.e.x.s.a.s.FileRolesStore] [TV-Manasa-Windo] parsed [0] roles from file [C:\Users\Windows\Downloads\elasticsearch-8.0.0-windows-x86_64\elasticsearch-8.0.0\config\roles.yml]

[2022-11-09T04:51:09,199][INFO ][o.e.t.n.NettyAllocator   ] [TV-Manasa-Windo] creating NettyAllocator with the following configs: [name=elasticsearch_configured, chunk_size=1mb, suggested_max_allocation_size=1mb, factors={es.unsafe.use_netty_default_chunk_and_page_size=false, g1gc_enabled=true, g1gc_region_size=4mb}]
[2022-11-09T04:51:09,308][INFO ][o.e.d.DiscoveryModule    ] [TV-Manasa-Windo] using discovery type [zen] and seed hosts providers [settings]
[2022-11-09T04:51:10,704][INFO ][o.e.n.Node               ] [TV-Manasa-Windo] initialized
[2022-11-09T04:51:10,704][INFO ][o.e.n.Node               ] [TV-Manasa-Windo] starting ...
[2022-11-09T04:51:10,767][INFO ][o.e.x.s.c.f.PersistentCache] [TV-Manasa-Windo] persistent cache index loaded
[2022-11-09T04:51:10,767][INFO ][o.e.x.d.l.DeprecationIndexingComponent] [TV-Manasa-Windo] deprecation component started
[2022-11-09T04:51:11,007][INFO ][o.e.t.TransportService   ] [TV-Manasa-Windo] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2022-11-09T04:51:11,775][INFO ][o.e.c.c.Coordinator      ] [TV-Manasa-Windo] cluster UUID [NHCZiLskSbq5vXMo8DLTvA]
[2022-11-09T04:51:12,062][INFO ][o.e.c.s.MasterService    ] [TV-Manasa-Windo] elected-as-master ([1] nodes joined)[{TV-Manasa-Windo}{-3E45raZR6mKzyMbMA2uzg}{44Bd8mPfTKKN8rIMq0XoQA}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 2, version: 259, delta: master node changed {previous [], current [{TV-Manasa-Windo}{-3E45raZR6mKzyMbMA2uzg}{44Bd8mPfTKKN8rIMq0XoQA}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}]}
[2022-11-09T04:51:12,249][INFO ][o.e.c.s.ClusterApplierService] [TV-Manasa-Windo] master node changed {previous [], current [{TV-Manasa-Windo}{-3E45raZR6mKzyMbMA2uzg}{44Bd8mPfTKKN8rIMq0XoQA}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}]}, term: 2, version: 259, reason: Publication{term=2, version=259}
[2022-11-09T04:51:12,586][INFO ][o.e.h.AbstractHttpServerTransport] [TV-Manasa-Windo] publish_address {172.16.0.56:9200}, bound_addresses {127.0.0.1:9200}, {[::1]:9200}, {172.16.0.56:9200}
[2022-11-09T04:51:12,601][INFO ][o.e.n.Node               ] [TV-Manasa-Windo] started
[2022-11-09T04:51:13,251][WARN ][o.e.i.c.GrokProcessor    ] [TV-Manasa-Windo] regular expression has redundant nested repeat operator * /^(?<TIMESTAMP:system.auth.timestamp>(?:(?:(?:(?>\d\d){1,2})-(?:(?:0?[1-9]|1[0-2]))-(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]))[T ](?:(?:2[0123]|[01][0-9])):?(?:(?:[0-5][0-9]))(?::?(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))?(?:(?:Z|[+-](?:(?:2[0123]|[01]?[0-9]))(?::?(?:(?:[0-5][0-9])))))?)|(?:(?:\b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|├ñ)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y|i)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b) +(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])) (?:(?!<[0-9])(?:(?:2[0123]|[01]?[0-9])):(?:(?:[0-5][0-9]))(?::(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))(?![0-9]))))) (?<SYSLOGHOST:host.hostname>(?:(?:(?:(?:(?:((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?)|(?:(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9]))))|(?:\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)))))? (?<DATA:process.name>.*?)(?:\[(?<POSINT:process.pid:long>\b(?:[1-9][0-9]*)\b)\])?:(?:\s*)+(?<GREEDYMULTILINE:_temp.message>(.|\n)*)$/
[2022-11-09T04:51:13,413][INFO ][o.e.l.LicenseService     ] [TV-Manasa-Windo] license [28853171-e0e3-44b5-adf3-02a590c6e53f] mode [basic] - valid
[2022-11-09T04:51:13,413][INFO ][o.e.x.s.a.Realms         ] [TV-Manasa-Windo] license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]
[2022-11-09T04:51:13,413][INFO ][o.e.g.GatewayService     ] [TV-Manasa-Windo] recovered [12] indices into cluster_state
[2022-11-09T04:51:17,940][INFO ][o.e.i.g.DatabaseNodeService] [TV-Manasa-Windo] successfully loaded geoip database file [GeoLite2-Country.mmdb]
[2022-11-09T04:51:18,129][WARN ][o.e.i.c.GrokProcessor    ] [TV-Manasa-Windo] regular expression has redundant nested repeat operator * /^(?<TIMESTAMP:system.auth.timestamp>(?:(?:(?:(?>\d\d){1,2})-(?:(?:0?[1-9]|1[0-2]))-(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]))[T ](?:(?:2[0123]|[01][0-9])):?(?:(?:[0-5][0-9]))(?::?(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))?(?:(?:Z|[+-](?:(?:2[0123]|[01]?[0-9]))(?::?(?:(?:[0-5][0-9])))))?)|(?:(?:\b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|├ñ)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y|i)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b) +(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])) (?:(?!<[0-9])(?:(?:2[0123]|[01]?[0-9])):(?:(?:[0-5][0-9]))(?::(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))(?![0-9]))))) (?<SYSLOGHOST:host.hostname>(?:(?:(?:(?:(?:((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?)|(?:(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9]))))|(?:\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)))))? (?<DATA:process.name>.*?)(?:\[(?<POSINT:process.pid:long>\b(?:[1-9][0-9]*)\b)\])?:(?:\s*)+(?<GREEDYMULTILINE:_temp.message>(.|\n)*)$/
[2022-11-09T04:51:18,205][INFO ][o.e.i.g.DatabaseNodeService] [TV-Manasa-Windo] successfully loaded geoip database file [GeoLite2-ASN.mmdb]
[2022-11-09T04:51:19,156][INFO ][o.e.c.r.a.AllocationService] [TV-Manasa-Windo] current.health="GREEN" message="Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.ds-ilm-history-5-2022.11.08-000001][0], [.kibana-event-log-8.0.0-000001][0]]])." previous.health="RED" reason="shards started [[.ds-ilm-history-5-2022.11.08-000001][0], [.kibana-event-log-8.0.0-000001][0]]"
[2022-11-09T04:51:19,871][INFO ][o.e.i.g.GeoIpDownloader  ] [TV-Manasa-Windo] successfully downloaded geoip database [GeoLite2-ASN.mmdb]
[2022-11-09T04:51:19,949][WARN ][o.e.i.c.GrokProcessor    ] [TV-Manasa-Windo] regular expression has redundant nested repeat operator * /^(?<TIMESTAMP:system.auth.timestamp>(?:(?:(?:(?>\d\d){1,2})-(?:(?:0?[1-9]|1[0-2]))-(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9]))[T ](?:(?:2[0123]|[01][0-9])):?(?:(?:[0-5][0-9]))(?::?(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))?(?:(?:Z|[+-](?:(?:2[0123]|[01]?[0-9]))(?::?(?:(?:[0-5][0-9])))))?)|(?:(?:\b(?:[Jj]an(?:uary|uar)?|[Ff]eb(?:ruary|ruar)?|[Mm](?:a|├ñ)?r(?:ch|z)?|[Aa]pr(?:il)?|[Mm]a(?:y|i)?|[Jj]un(?:e|i)?|[Jj]ul(?:y|i)?|[Aa]ug(?:ust)?|[Ss]ep(?:tember)?|[Oo](?:c|k)?t(?:ober)?|[Nn]ov(?:ember)?|[Dd]e(?:c|z)(?:ember)?)\b) +(?:(?:(?:0[1-9])|(?:[12][0-9])|(?:3[01])|[1-9])) (?:(?!<[0-9])(?:(?:2[0123]|[01]?[0-9])):(?:(?:[0-5][0-9]))(?::(?:(?:(?:[0-5]?[0-9]|60)(?:[:.,][0-9]+)?)))(?![0-9]))))) (?<SYSLOGHOST:host.hostname>(?:(?:(?:(?:(?:((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?)|(?:(?<![0-9])(?:(?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])[.](?:[0-1]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]))(?![0-9]))))|(?:\b(?:[0-9A-Za-z][0-9A-Za-z-]{0,62})(?:\.(?:[0-9A-Za-z][0-9A-Za-z-]{0,62}))*(\.?|\b)))))? (?<DATA:process.name>.*?)(?:\[(?<POSINT:process.pid:long>\b(?:[1-9][0-9]*)\b)\])?:(?:\s*)+(?<GREEDYMULTILINE:_temp.message>(.|\n)*)$/
[2022-11-09T04:51:20,027][INFO ][o.e.i.g.DatabaseNodeService] [TV-Manasa-Windo] successfully loaded geoip database file [GeoLite2-City.mmdb]
[2022-11-09T04:51:20,105][INFO ][o.e.i.g.DatabaseReaderLazyLoader] [TV-Manasa-Windo] evicted [0] entries from cache after reloading database [C:\Users\Windows\AppData\Local\Temp\2\elasticsearch\geoip-databases\-3E45raZR6mKzyMbMA2uzg\GeoLite2-ASN.mmdb]
[2022-11-09T04:51:20,105][INFO ][o.e.i.g.DatabaseNodeService] [TV-Manasa-Windo] successfully loaded geoip database file [GeoLite2-ASN.mmdb]
[2022-11-09T04:51:22,409][INFO ][o.e.t.LoggingTaskListener] [TV-Manasa-Windo] 337 finished with response BulkByScrollResponse[took=789.7ms,timed_out=false,sliceId=null,updated=18,created=0,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[2022-11-09T04:51:22,791][INFO ][o.e.t.LoggingTaskListener] [TV-Manasa-Windo] 336 finished with response BulkByScrollResponse[took=904.4ms,timed_out=false,sliceId=null,updated=616,created=0,deleted=0,batches=1,versionConflicts=0,noops=0,retries=0,throttledUntil=0s,bulk_failures=[],search_failures=[]]
[2022-11-09T04:51:24,426][INFO ][o.e.i.g.GeoIpDownloader  ] [TV-Manasa-Windo] successfully downloaded geoip database [GeoLite2-City.mmdb]
[2022-11-09T04:51:25,359][INFO ][o.e.i.g.DatabaseReaderLazyLoader] [TV-Manasa-Windo] evicted [0] entries from cache after reloading database [C:\Users\Windows\AppData\Local\Temp\2\elasticsearch\geoip-databases\-3E45raZR6mKzyMbMA2uzg\GeoLite2-City.mmdb]
[2022-11-09T04:51:25,359][INFO ][o.e.i.g.DatabaseNodeService] [TV-Manasa-Windo] successfully loaded geoip database file [GeoLite2-City.mmdb]
[2022-11-09T04:51:25,657][INFO ][o.e.i.g.GeoIpDownloader  ] [TV-Manasa-Windo] successfully downloaded geoip database [GeoLite2-Country.mmdb]
[2022-11-09T04:51:25,766][INFO ][o.e.i.g.DatabaseReaderLazyLoader] [TV-Manasa-Windo] evicted [0] entries from cache after reloading database [C:\Users\Windows\AppData\Local\Temp\2\elasticsearch\geoip-databases\-3E45raZR6mKzyMbMA2uzg\GeoLite2-Country.mmdb]
[2022-11-09T04:51:25,766][INFO ][o.e.i.g.DatabaseNodeService] [TV-Manasa-Windo] successfully loaded geoip database file [GeoLite2-Country.mmdb]
[2022-11-09T04:53:27,309][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [TV-Manasa-Windo] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:50414}
[2022-11-09T04:53:27,308][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [TV-Manasa-Windo] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:50415}

manasa3 · November 9, 2022, 5:16am

hi this is the output of our kibana

[2022-11-09T04:59:10.192+00:00][INFO ][plugins-service] Plugin "metricsEntities" is disabled.
[2022-11-09T04:59:10.283+00:00][INFO ][http.server.Preboot] http server running at http://localhost:5601
[2022-11-09T04:59:10.337+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
[2022-11-09T04:59:10.371+00:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
[2022-11-09T04:59:10.494+00:00][INFO ][plugins-system.standard] Setting up [107] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,share,embeddable,uiActionsEnhanced,screenshotMode,screenshotting,banners,telemetry,newsfeed,mapsEms,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,lists,ingestPipelines,fileUpload,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,alerting,triggersActionsUi,transform,stackAlerts,ruleRegistry,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,expressionTagcloud,expressionMetricVis,savedObjectsManagement,console,graph,fleet,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,dashboard,maps,dashboardEnhanced,visualize,visTypeTimeseries,rollup,indexPatternFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,indexPatternManagement]
[2022-11-09T04:59:10.511+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: 7d1dc50d-8121-43d2-833a-ea7a625e0586
[2022-11-09T04:59:10.645+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2022-11-09T04:59:10.646+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2022-11-09T04:59:10.668+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2022-11-09T04:59:10.669+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
[2022-11-09T04:59:10.685+00:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2022-11-09T04:59:10.695+00:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2022-11-09T04:59:10.710+00:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2022-11-09T04:59:10.724+00:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
[2022-11-09T04:59:10.743+00:00][INFO ][plugins.ruleRegistry] Installing common resources shared between all indices
[2022-11-09T04:59:12.099+00:00][INFO ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, and is supported for Win32 OS. Automatically enabling Chromium sandbox.
[2022-11-09T04:59:13.272+00:00][INFO ][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...
[2022-11-09T04:59:13.273+00:00][INFO ][savedobjects-service] Starting saved objects migrations
[2022-11-09T04:59:13.499+00:00][INFO ][savedobjects-service] [.kibana] INIT -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 125ms.
[2022-11-09T04:59:13.587+00:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 88ms.
[2022-11-09T04:59:13.600+00:00][INFO ][savedobjects-service] [.kibana_task_manager] INIT -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 224ms.
[2022-11-09T04:59:13.616+00:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 29ms.
[2022-11-09T04:59:13.618+00:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 18ms.
[2022-11-09T04:59:13.624+00:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> UPDATE_TARGET_MAPPINGS. took: 8ms.
[2022-11-09T04:59:13.629+00:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 11ms.
[2022-11-09T04:59:13.632+00:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> UPDATE_TARGET_MAPPINGS. took: 3ms.
[2022-11-09T04:59:13.669+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: C:\Users\Windows\Documents\elk\kibana-8.0.0\x-pack\plugins\screenshotting\chromium\chrome-win\chrome.exe
[2022-11-09T04:59:13.702+00:00][INFO ][savedobjects-service] [.kibana] UPDATE_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK. took: 78ms.
[2022-11-09T04:59:13.737+00:00][INFO ][savedobjects-service] [.kibana_task_manager] UPDATE_TARGET_MAPPINGS -> UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK. took: 105ms.
[2022-11-09T04:59:14.069+00:00][INFO ][savedobjects-service] [.kibana_task_manager] UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK -> DONE. took: 332ms.
[2022-11-09T04:59:14.070+00:00][INFO ][savedobjects-service] [.kibana_task_manager] Migration completed after 694ms
[2022-11-09T04:59:14.256+00:00][INFO ][savedobjects-service] [.kibana] UPDATE_TARGET_MAPPINGS_WAIT_FOR_TASK -> DONE. took: 554ms.
[2022-11-09T04:59:14.256+00:00][INFO ][savedobjects-service] [.kibana] Migration completed after 882ms
[2022-11-09T04:59:14.411+00:00][INFO ][plugins-system.preboot] Stopping all plugins.
[2022-11-09T04:59:14.413+00:00][INFO ][plugins-system.standard] Starting [107] plugins: [translations,licensing,globalSearch,globalSearchProviders,features,licenseApiGuard,usageCollection,taskManager,telemetryCollectionManager,telemetryCollectionXpack,kibanaUsageCollection,share,embeddable,uiActionsEnhanced,screenshotMode,screenshotting,banners,telemetry,newsfeed,mapsEms,fieldFormats,expressions,dataViews,charts,esUiShared,bfetch,data,savedObjects,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,customIntegrations,home,searchprofiler,painlessLab,grokdebugger,management,watcher,licenseManagement,advancedSettings,spaces,security,savedObjectsTagging,reporting,lists,ingestPipelines,fileUpload,encryptedSavedObjects,dataEnhanced,cloud,snapshotRestore,eventLog,actions,alerting,triggersActionsUi,transform,stackAlerts,ruleRegistry,visualizations,canvas,visTypeXy,visTypeVislib,visTypeVega,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypePie,visTypeMetric,visTypeMarkdown,expressionTagcloud,expressionMetricVis,savedObjectsManagement,console,graph,fleet,indexManagement,remoteClusters,crossClusterReplication,indexLifecycleManagement,dashboard,maps,dashboardEnhanced,visualize,visTypeTimeseries,rollup,indexPatternFieldEditor,lens,cases,timelines,discover,osquery,observability,discoverEnhanced,dataVisualizer,ml,uptime,securitySolution,infra,upgradeAssistant,monitoring,logstash,enterpriseSearch,apm,indexPatternManagement]
[2022-11-09T04:59:15.635+00:00][INFO ][plugins.fleet] Beginning fleet setup
[2022-11-09T04:59:15.653+00:00][INFO ][plugins.monitoring.monitoring] config sourced from: production cluster
[2022-11-09T04:59:16.971+00:00][INFO ][http.server.Kibana] http server running at http://localhost:5601
[2022-11-09T04:59:17.219+00:00][INFO ][plugins.monitoring.monitoring.kibana-monitoring] Starting monitoring stats collection
[2022-11-09T04:59:17.235+00:00][INFO ][plugins.ruleRegistry] Installed common resources shared between all indices
[2022-11-09T04:59:17.238+00:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.uptime.alerts
[2022-11-09T04:59:17.239+00:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-security.alerts
[2022-11-09T04:59:17.241+00:00][INFO ][plugins.ruleRegistry] Installing resources for index .preview.alerts-security.alerts
[2022-11-09T04:59:17.241+00:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.logs.alerts
[2022-11-09T04:59:17.242+00:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.metrics.alerts
[2022-11-09T04:59:17.243+00:00][INFO ][plugins.ruleRegistry] Installing resources for index .alerts-observability.apm.alerts
[2022-11-09T04:59:17.329+00:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.uptime.alerts
[2022-11-09T04:59:17.361+00:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-security.alerts
[2022-11-09T04:59:17.365+00:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.logs.alerts
[2022-11-09T04:59:17.427+00:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.metrics.alerts
[2022-11-09T04:59:17.428+00:00][INFO ][plugins.ruleRegistry] Installed resources for index .alerts-observability.apm.alerts
[2022-11-09T04:59:17.435+00:00][INFO ][plugins.ruleRegistry] Installed resources for index .preview.alerts-security.alerts
[2022-11-09T04:59:17.914+00:00][INFO ][plugins.fleet] Fleet setup completed
[2022-11-09T04:59:17.922+00:00][INFO ][plugins.securitySolution] Dependent plugin setup complete - Starting ManifestTask[2022-11-09T04:59:18.426+00:00][INFO ][status] Kibana is now degraded
[2022-11-09T04:59:21.587+00:00][INFO ][status] Kibana is now available (was degraded)
[2022-11-09T05:00:09.133+00:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)

manasa3 · November 9, 2022, 5:28am

in logstash files are reading and displaying in logstash command prompt but it is not showing in elastic

"Using bundled JDK: ."
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
Sending Logstash logs to C:/Users/Windows/Documents/elk/logstash-8.0.0/logs which is now configured via log4j2.properties
[2022-11-09T05:21:48,849][INFO ][logstash.runner          ] Log4j configuration path used is: C:\Users\Windows\Documents\elk\logstash-8.0.0\config\log4j2.properties
[2022-11-09T05:21:48,849][WARN ][logstash.runner          ] The use of JAVA_HOME has been deprecated. Logstash 8.0 and later ignores JAVA_HOME and uses the bundled JDK. Running Logstash with the bundled JDK is recommended. The bundled JDK has been verified to work with each specific version of Logstash, and generally provides best performance and reliability. If you have compelling reasons for using your own JDK (organizational-specific compliance requirements, for example), you can configure LS_JAVA_HOME to use that version instead.
[2022-11-09T05:21:48,849][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"8.0.0", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.13+8 on 11.0.13+8 +indy +jit [mswin32-x86_64]"}
[2022-11-09T05:21:48,849][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -Djruby.jit.threshold=0, -Djruby.regexp.interruptible=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED]
[2022-11-09T05:21:48,943][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2022-11-09T05:21:50,217][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2022-11-09T05:21:51,163][INFO ][org.reflections.Reflections] Reflections took 78 ms to scan 1 urls, producing 120 keys and 417 values
[2022-11-09T05:21:52,576][INFO ][logstash.javapipeline    ] Pipeline `main` is configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this pipeline will default to `ecs_compatibility => v8` unless explicitly configured otherwise.
[2022-11-09T05:21:52,623][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["https://localhost:9200"]}
[2022-11-09T05:21:52,868][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@localhost:9200/]}}
[2022-11-09T05:21:53,118][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-09T05:21:53,133][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2022-11-09T05:21:53,164][INFO ][logstash.outputs.elasticsearch][main] Config is not compliant with data streams. `data_stream => auto` resolved to `false`
[2022-11-09T05:21:53,164][WARN ][logstash.outputs.elasticsearch][main] Elasticsearch Output configured with `ecs_compatibility => v8`, which resolved to an UNRELEASED preview of version 8.0.0 of the Elastic Common Schema. Once ECS v8 and an updated release of this plugin are publicly available, you will need to update this plugin to resolve this warning.
[2022-11-09T05:21:53,180][INFO ][logstash.filters.csv     ][main] ECS compatibility is enabled but `target` option was not specified. This may cause fields to be set at the top-level of the event where they are likely to clash with the Elastic Common Schema. It is recommended to set the `target` option to avoid potential schema conflicts (if your data is ECS compliant or non-conflicting, feel free to ignore this message)
[2022-11-09T05:21:53,227][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["C:/Users/Windows/Documents/elk/logstash-8.0.0/config/mule.conf"], :thread=>"#<Thread:0x599faaaa run>"}
[2022-11-09T05:21:54,076][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>0.85}
[2022-11-09T05:21:54,155][INFO ][logstash.inputs.file     ][main] No sincedb_path set, generating one based on the "path" setting {:sincedb_path=>"C:/Users/Windows/Documents/elk/logstash-8.0.0/data/plugins/inputs/file/.sincedb_de6d9991deb720a816937e0618a42953", :path=>["C:/Users/Windows/Documents/elk/mule.csv"]}
[2022-11-09T05:21:54,170][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2022-11-09T05:21:54,201][INFO ][filewatch.observingtail  ][main][5742fcab91ae8ac488bedf4da4da7aa8aca7dba4799e314e4df2d3b4ac9695b2] START, creating Discoverer, Watch with file and sincedb collections
[2022-11-09T05:21:54,217][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2022-11-09T05:21:58,193][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-09T05:21:58,209][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2022-11-09T05:22:03,300][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-09T05:22:03,300][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2022-11-09T05:22:08,376][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-09T05:22:08,391][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2022-11-09T05:22:13,455][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-09T05:22:13,455][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2022-11-09T05:22:18,548][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>Manticore::ClientProtocolException, :cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}
[2022-11-09T05:22:18,548][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
{
         "event" => {
        "original" => "Wuthering Heights, Emily,556,416 "
    },
         "Title" => "Wuthering Heights",
        "Author" => " Emily",
         "Pages" => "416 ",
            "ID" => "556",
    "@timestamp" => 2022-11-09T05:22:18.735849900Z,
           "log" => {
        "file" => {
            "path" => "C:/Users/Windows/Documents/elk/mule.csv"
        }
    },
      "@version" => "1",
       "message" => "Wuthering Heights, Emily,556,416 ",
          "host" => {
        "name" => "TV-Manasa-Windo"
    }
}
{
         "event" => {
        "original" => "Brave New World, Aldous,342,144 \r"
    },
         "Title" => "Brave New World",
        "Author" => " Aldous",
         "Pages" => "144 ",
            "ID" => "342",
    "@timestamp" => 2022-11-09T05:22:18.767101Z,
           "log" => {
        "file" => {
            "path" => "C:/Users/Windows/Documents/elk/mule.csv"
        }
    },
      "@version" => "1",
       "message" => "Brave New World, Aldous,342,144 \r",
          "host" => {
        "name" => "TV-Manasa-Windo"
    }
}
{
         "event" => {
        "original" => "Walden, Henry,978,301 \r"
    },
         "Title" => "Walden",
        "Author" => " Henry",
         "Pages" => "301 ",
            "ID" => "978",
    "@timestamp" => 2022-11-09T05:22:18.767101Z,
           "log" => {
        "file" => {
            "path" => "C:/Users/Windows/Documents/elk/mule.csv"
        }
    },
      "@version" => "1",
       "message" => "Walden, Henry,978,301 \r",
          "host" => {
        "name" => "TV-Manasa-Windo"
    }
}

manasa3 · November 10, 2022, 9:37am

hi can someone please help me

system · December 8, 2022, 9:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash input from Elasticsearch wrong configuration Logstash	3	405	March 23, 2022
Logstash configuration issue Logstash	3	289	August 29, 2019
"missing authentication credentials for REST request [/]" Elasticsearch	2	243	March 9, 2023
Logstash SSL/TLS error Logstash	1	350	October 3, 2023
TLS config issues? Logstash	11	1099	November 27, 2020

Logstash and elasticsearch certification issue

Related topics