Logstash error : invalid setting for elasticsearch output plugin

sirineb · September 12, 2022, 1:16pm

Hi,

I have two pipeline configurations located in /etc/logstash/conf.d. I can make work both seperately by running /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/**.conf -r, and it sends data to elasticsearch as I want.

The output is the same for both except the index :

output {
  stdout { }
  elasticsearch {
    hosts => ["https://myip:9200"]
    index => "switch-%{+YYYY.MM.dd}"
    ssl => true
    ssl_certificate_verification => true
    cacert => "/etc/logstash/certs/http_ca.crt"
    user => "${es_user}"
    password => "${es_pwd}"
  }
}

So I tried to make the two configurations work together. Here's my pipeline.yml :

- pipeline.id: switch
  path.config: "/etc/logstash/conf.d/switch.conf"
- pipeline.id: esxi
  path.config: "/etc/logstash/conf.d/esxi.conf"

And here's the error I get when I try to run logstash (with systemctl start logstash) :

sept. 12 14:57:47 local logstash[45016]: [2022-09-12T14:57:47,421][ERROR][logstash.outputs.elasticsearch] Invalid setting for elasticsearch output plugin:
sept. 12 14:57:47 local logstash[45016]:   output {
sept. 12 14:57:47 local logstash[45016]:     elasticsearch {
sept. 12 14:57:47 local logstash[45016]:       # This setting must be a path
sept. 12 14:57:47 local logstash[45016]:       # File does not exist or cannot be opened /etc/logstash/certs/http_ca.crt
sept. 12 14:57:47 local logstash[45016]:       cacert => "/etc/logstash/certs/http_ca.crt"
sept. 12 14:57:47 local logstash[45016]:       ...
sept. 12 14:57:47 local logstash[45016]:     }
sept. 12 14:57:47 local logstash[45016]:   }
sept. 12 14:57:47 local logstash[45016]: [2022-09-12T14:57:47,425][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:esxi-pipeline, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (ConfigurationError) Something is wrong with your configuration.", :backtrace=>["org.logstash.config.ir.CompiledPipeline.<init>(CompiledPipeline.java:120)", "org.logstash.execution.JavaBasePipelineExt.initialize(JavaBasePipelineExt.java:85)", "org.logstash.execution.JavaBasePipelineExt$INVOKER$i$1$0$initialize.call(JavaBasePipelineExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodN.call(JavaMethod.java:846)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuper(IRRuntimeHelpers.java:1229)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuperSplatArgs(IRRuntimeHelpers.java:1202)", "org.jruby.ir.targets.indy.InstanceSuperInvokeSite.invoke(InstanceSuperInvokeSite.java:29)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$initialize$0(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.RUBY$method$execute$0(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:50)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.RUBY$block$converge_state$2(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:381)", "org.jruby.runtime.CompiledIRBlockBody.callDirect(CompiledIRBlockBody.java:141)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:64)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:58)", "org.jruby.runtime.Block.call(Block.java:143)", "org.jruby.RubyProc.call(RubyProc.java:309)", "org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:107)", "java.base/java.lang.Thread.run(Thread.java:833)"]}

I tried to modify the path with ', [ but it didn't change anything.

I found other topics with other plugins not related to elasticsearch in particular so I guess it is more of a Logstash probem than an Elasticsearch one.

Thanks for your help !

leandrojmp · September 12, 2022, 1:19pm

How are you running logstash? As a service? Did you check the permissions of this path?

sirineb · September 12, 2022, 1:50pm

Hi, thanks for your quick answer !

Yes logstash is running as a service.

Regarding the permissions, I changed the owner of the file http_ca.crt from root to logstash but it didn't change anything. But while answering, I changed the owner of the whole path and it seems to have done something, I don't have this error anymore. It is not working yet as I have another issue but I will keep you posted if the problem is back.

I ran chown logstash:logstash /etc/logstash/certs for those that it could help.

Thanks so much !!

system · October 10, 2022, 1:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Starting error caused by content of config file that it doesn't actually include Logstash elastic-stack-security	1	531	June 14, 2021
TLS/SSL for logstash 5.6 Logstash elastic-stack-security	10	895	March 26, 2019
BUG: Logstash Elasticsearch output plugin writes to one index Logstash	3	516	October 14, 2019
About Logstash configuration using ssl Logstash elastic-stack-security	2	158	January 16, 2024
Multiple logstash output configurations Logstash	2	290	July 10, 2020

Logstash error : invalid setting for elasticsearch output plugin

Related topics