Logstash error after configuring ssl in the logstash.conf

Hi All,

I have configured my ELK stack to use SSL settings, and after the change in Kibana and Elasticsearch I have updated the Logstash configuration.

I am able to connect to my Elasticsearch cluster from Logstash, as the logs say the connection is established,

but just 2/3 secs after that this 500 error appears in the Logstash logs.

Please help to fix the error.

[ERROR][logstash.outputs.elasticsearch] Failed to install template. {:message=>"Got response code '500' contacting Elasticsearch at URL 'https://xx.xx.xx.xx:9201/_xpack'", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:80:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:291:in `perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:278:in `block in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:373:in `with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:277:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:285:in `block in Pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:162:in `get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:378:in `get_xpack_info'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:57:in `ilm_ready?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:28:in `ilm_in_use?'", 
"/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/template_manager.rb:14:in `install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:130:in `install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:51:in `block in setup_after_successful_connection'"]}
[2020-07-22T23:41:59,479][FATAL][logstash.runner          ] An unexpected error occurred! {:error=>#<LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError: LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:80:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:291:in `perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:278:in `block in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:373:in `with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:277:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:285:in `block in Pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:162:in `get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:378:in `get_xpack_info'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:57:in `ilm_ready?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:28:in `ilm_in_use?'", 
"/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:52:in `block in setup_after_successful_connection'"]}

I would expect there to be a more helpful error in the elasticsearch logs.

Hi Badger,

My Elasticsearch was started, but after 2/3 seconds it was stopped, giving this error log:

Unexpected exception [_xpack] InvalidIndexNameException[Invalid index name [_xpack], must not start with '_'.]
org.elasticsearch.indices.InvalidIndexNameException: Invalid index name [_xpack], must not start with '_'.
at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.validateAliasOrIndex(IndexNameExpressionResolver.java:750) ~[elasticsearch-7.2.0.jar:7.2.0]

But in systemctl status it's showing as active.

Nowhere in my elasticsearch.yml have I enabled any index starting with the name xpack.

I even checked my Elasticsearch and Kibana yml files; no configuration setting with the line xpack is mentioned.

Can you try adding this option to your elasticsearch output?

ilm_enabled => false

That is to address the xpack / licensing issue.

OK, I ain't using the xpack feature.
So does this ILM feature require an xpack license? I don't have any license.

I believe the attempt to reference the '_xpack' index is related to the licence check and that turning off ILM may remove the exception.

OK, doing that now, and I will let you know the results.

That works perfectly after adding ilm_enabled => false in the output section of the logstash.conf file.

Here is the log after starting Logstash and Elasticsearch.

Elasticsearch service logs:

[2020-07-23T21:28:19,257][INFO ][c.f.s.c.ConfigurationRepository] [] Node 'mp-xx-xx-xx-xx' initialized
[2020-07-23T21:28:20,810][INFO ][o.e.m.j.JvmGcMonitorService] [] [gc][young][4][3] duration [823ms], collections [1]/[1.2s], total [823ms]/[941ms], memory [451.8mb]->[153.8mb]/[7.9gb], all_pools {[young] [391mb]->[7.4mb]/[532.5mb]}{[survivor] [60.8mb]->[66.5mb]/[66.5mb]}{[old] [0b]->[82.3mb]/[7.3gb]}
[2020-07-23T21:28:20,812][WARN ][o.e.m.j.JvmGcMonitorService] [] [gc][4] overhead, spent [823ms] collecting in the last [1.2s]
[2020-07-23T21:28:21,482][INFO ][o.e.c.r.a.AllocationService] ] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana_1][0]] ...]).
[2020-07-23T21:29:24,834][INFO ][o.e.c.m.MetaDataCreateIndexService] [audittrail-2020.07.23] creating index, cause [auto(bulk api)], templates , shards [1]/[1], mappings
[2020-07-23T21:29:25,106][INFO ][o.e.c.m.MetaDataMappingService] [audittrail-2020.07.23/fYLVcpuST6WvK8BItV6nIg] create_mapping [_doc]

And also the Logstash logs:

[2020-07-23T21:28:20,871][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"https://admin:xxxxxx@xx.xx.xx.xx:9201/"}
[2020-07-23T21:28:21,235][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>7}
[2020-07-23T21:28:21,249][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>7}
[2020-07-23T21:29:23,107][INFO ][logstash.outputs.elasticsearch] Using default mapping template
[2020-07-23T21:29:23,220][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}

Thanks a lot, Badger.
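The fix from this thread written out as a Logstash output block, added here as an example and not the poster's actual configuration. The host name, CA path, user, environment variable and index pattern are assumed placeholders.

```logstash
output {
  elasticsearch {
    # TLS connection to the cluster (placeholder host; port 9201 as in the logs above)
    hosts    => ["https://es.example.internal:9201"]
    ssl      => true
    # Trust only the CA that signed the Elasticsearch node certificate (placeholder path)
    cacert   => "/etc/logstash/certs/ca.pem"

    # Credentials: keep the password out of the file by resolving it from the
    # environment or the Logstash keystore (ES_PWD is an assumed variable name)
    user     => "logstash_writer"
    password => "${ES_PWD}"

    # Without this line the plugin ran its ILM readiness check (ilm_in_use? ->
    # ilm_ready? -> get_xpack_info in the backtrace) and requested GET /_xpack.
    # This cluster answered with InvalidIndexNameException and HTTP 500, which
    # Logstash treated as fatal. Disabling ILM skips that request.
    ilm_enabled => false

    # With ILM off, events go straight to this index (assumed daily pattern)
    index    => "audittrail-%{+YYYY.MM.dd}"
  }
}
```

Running `bin/logstash --config.test_and_exit -f <your config file>` validates the syntax before the service is restarted.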
