Logstash error after configuring ssl in the logstash.conf

Matish_Bhuyan · July 22, 2020, 10:05pm

Hi All ,

I have configured my elk stack to use ssl settings and after the change in Kibana and elasticsearch i have updated the logstash configuration ,

I am able to connect to my elasticsearch cluster from logstash as logs says connection established

but just 2/3 secs after that this 500 error is coming in the logstash logs.

Please help to fix the error.

[ERROR][logstash.outputs.elasticsearch] Failed to install template. {:message=>"Got response code '500' contacting Elasticsearch at URL 'https://xx.xx.xx.xx:9201/_xpack'", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:80:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:291:in `perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:278:in `block in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:373:in `with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:277:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:285:in `block in Pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:162:in `get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:378:in `get_xpack_info'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:57:in `ilm_ready?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:28:in `ilm_in_use?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/template_manager.rb:14:in `install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:130:in `install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:51:in `block in setup_after_successful_connection'"]}
[2020-07-22T23:41:59,479][FATAL][logstash.runner          ] An unexpected error occurred! {:error=>#<LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError: LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:80:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:291:in `perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:278:in `block in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:373:in `with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:277:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:285:in `block in Pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:162:in `get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:378:in `get_xpack_info'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:57:in `ilm_ready?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/ilm.rb:28:in `ilm_in_use?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:52:in `block in setup_after_successful_connection'"]}

Badger · July 22, 2020, 10:39pm

I would expect there to be a more helpful error in the elasticsearch logs.

Matish_Bhuyan · July 23, 2020, 6:36pm

Hi Badger,

my Elasticsearch was started but after 2/3 seconds it was stopped by giving this error log

Unexpected exception [_xpack] InvalidIndexNameException[Invalid index name [ xpack], must not start with ' ’.]
org.elasticsearch.indices.InvalidIndexNameException: Invalid index name [ xpack], must not start with ' ’.
at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.validateAliasOrIndex(IndexNameExpressionResolver.java:750) ~[elasticsearch-7.2.0.jar:7.2.0]

but is systemctl status it's showing as active.

Matish_Bhuyan · July 23, 2020, 6:37pm

in my elasticsearch.yml no where i have enabled any index starting with name xpack.

Even checked my elasticsearch and kibana yml file no configuration setting with line xpack is mentioned.

Badger · July 23, 2020, 6:50pm

Can you try adding this option to your elasticsearch output?

ilm_enabled => false

That is to address the xpack / licensing issue.

Matish_Bhuyan · July 23, 2020, 6:54pm

ok i ain't using the xpack feature
so is this ilm feature requires a xpack license , as i don't have any license

Badger · July 23, 2020, 7:08pm

I believe the attempt to reference the '_xpack' index is related to the licence check and that turning off ILM may remove the exception.

Matish_Bhuyan · July 23, 2020, 7:13pm

ok doing that now

and let you know the results

Matish_Bhuyan · July 23, 2020, 7:39pm

That works perfectly after adding the ilm_enabled => false in the output section if logstash.conf file.

here is the log after starting the logstassh and the elasticsearch

elasticsearch service logs

[2020-07-23T21:28:19,257][INFO ][c.f.s.c.ConfigurationRepository] [] Node 'mp-xx-xx-xx-xx' initialized
[2020-07-23T21:28:20,810][INFO ][o.e.m.j.JvmGcMonitorService] [
[gc][young][4][3] duration [823ms], collections [1]/[1.2s], total [823ms]/[941ms], memory [451.8mb]->[153.8mb]/[7.9gb], all_pools {[young] [391mb]->[7.4mb]/[532.5mb]}{[survivor] [60.8mb]->[66.5mb]/[66.5mb]}{[old] [0b]->[82.3mb]/[7.3gb]}
[2020-07-23T21:28:20,812][WARN ][o.e.m.j.JvmGcMonitorService] [
] [gc][4] overhead, spent [823ms] collecting in the last [1.2s]
[2020-07-23T21:28:21,482][INFO ][o.e.c.r.a.AllocationService] ] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.kibana_1][0]] ...]).
[2020-07-23T21:29:24,834][INFO ][o.e.c.m.MetaDataCreateIndexService] [audittrail-2020.07.23] creating index, cause [auto(bulk api)], templates , shards [1]/[1], mappings
[2020-07-23T21:29:25,106][INFO ][o.e.c.m.MetaDataMappingService] [audittrail-2020.07.23/fYLVcpuST6WvK8BItV6nIg] create_mapping [_doc]

and also the logstash logs

[ 2020-07-23T21:28:20,871][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"https://admin:xxxxxx@xx.xx.xx.xx:9201/"}
[2020-07-23T21:28:21,235][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>7}
[2020-07-23T21:28:21,249][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>7}
[2020-07-23T21:29:23,107][INFO ][logstash.outputs.elasticsearch] Using default mapping template
[2020-07-23T21:29:23,220][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}

Matish_Bhuyan · July 23, 2020, 7:39pm

Thanks a lot badger.

system · August 20, 2020, 7:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Error Logstash	1	550	December 14, 2021
Having trouble getting data to elasticsearch Logstash	4	3920	July 6, 2017
How to fix that errors? Logstash	1	416	December 6, 2019
Enabling SSL with Elasticsearch cause logstash pipeline error Logstash	10	775	December 27, 2022
Kibana with Logstash 5.0 elasticsearch 5.0 error Logstash	7	1752	December 8, 2016

Logstash error after configuring ssl in the logstash.conf

Related topics