Logstash version: 8.15.1
OS: Amazon Linux 2
All packages updated
Steps to reproduce:
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
in /etc/yum.repos.d/logstash.repo
[logstash-8.x]
name=Elastic repository for 8.x packages
baseurl=https://artifacts.elastic.co/packages/8.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
yum install -y logstash
in /etc/logstash/logstash.yml, all settings as they are except:
api.http.host: MY_IP
in /etc/logstash/jvm.options, all settings as they are except I modified
-Xms3762m
-Xmx3762m
in /etc/logstash/conf.d/ I've added my-input.conf:
input {
azure_event_hubs {....}
}
in /etc/logstash/conf.d/ I've added my-output.conf:
output {
rabbitmq {...}
}
/usr/share/logstash/bin/logstash-plugin install logstash-input-azure_event_hubs
Installed successfully
Started logstash -> I got an error related to the azure plugin, but it is not the object of this topic. Logstash started.
/usr/share/logstash/bin/logstash-plugin install logstash-input-cloudwatch_logs
Output:
/usr/share/logstash/bin/logstash-plugin install logstash-input-cloudwatch_logs
Using bundled JDK: /usr/share/logstash/jdk
Validating logstash-input-cloudwatch_logs
Resolving mixin dependencies
WARN: Unresolved or ambiguous specs during Gem::Specification.reset:
date (>= 0)
Available/installed versions of this gem:
- 3.3.4
- 3.3.3
WARN: Clearing out unresolved specs. Try 'gem cleanup <gem>'
Please report a bug if this causes problems.
Installing logstash-input-cloudwatch_logs
and it remains like this unless I interrupt it.
After that, when I try to restart logstash the output is:
Sep 12 21:56:05 ip-10-7-188-140 systemd: Started logstash.
Sep 12 21:56:05 ip-10-7-188-140 logstash: Using bundled JDK: /usr/share/logstash/jdk
Sep 12 21:56:15 ip-10-7-188-140 logstash: [FATAL] 2024-09-12 21:56:15.253 [main] Logstash - Logstash was unable to start due to an unexpected Gemfile change.
Sep 12 21:56:15 ip-10-7-188-140 logstash: If you are a user, this is a bug.
Sep 12 21:56:15 ip-10-7-188-140 logstash: If you are a logstash developer, please try restarting logstash with the `--enable-local-plugin-development` flag set.
Sep 12 21:56:15 ip-10-7-188-140 systemd: logstash.service: main process exited, code=exited, status=1/FAILURE
Sep 12 21:56:15 ip-10-7-188-140 systemd: Unit logstash.service entered failed state.
Sep 12 21:56:15 ip-10-7-188-140 systemd: logstash.service failed.
Sep 12 21:56:15 ip-10-7-188-140 systemd: logstash.service holdoff time over, scheduling restart.
Sep 12 21:56:15 ip-10-7-188-140 systemd: Stopped logstash.
Sep 12 21:56:15 ip-10-7-188-140 systemd: Started logstash.
Sep 12 21:56:15 ip-10-7-188-140 logstash: Using bundled JDK: /usr/share/logstash/jdk
Sep 12 21:56:23 ip-10-7-188-140 systemd: Stopping logstash...
Sep 12 21:56:23 ip-10-7-188-140 systemd: logstash.service: main process exited, code=exited, status=143/n/a
Sep 12 21:56:23 ip-10-7-188-140 systemd: Stopped logstash.
Sep 12 21:56:23 ip-10-7-188-140 systemd: Unit logstash.service entered failed state.
Sep 12 21:56:23 ip-10-7-188-140 systemd: logstash.service failed.
Even trying to get the version of logstash resulted in:
/usr/share/logstash/bin/logstash version
Using bundled JDK: /usr/share/logstash/jdk
[FATAL] 2024-09-12 21:59:52.938 [main] Logstash - Logstash was unable to start due to an unexpected Gemfile change.
If you are a user, this is a bug.
If you are a logstash developer, please try restarting logstash with the `--enable-local-plugin-development` flag set.
While reproducing this, you can omit the azure part. Just trying to install that plugin makes logstash unusable.
I've noticed the same behaviour if instead of trying to install cloudwatch_logs plugin I try an upgrade of the azure plugin
/usr/share/logstash/bin/logstash-plugin update logstash-input-azure_event_hubs
Am I doing something wrong? Thank you for any suggestion.