Logstash failed to start (org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:790) ~[jruby.jar:?])

Rootlente · November 8, 2022, 4:21pm

Hello,

I am building home lab environment to collect winevent logs using filebat and send them on my Ubuntu machine where i installed everything and configured them by documentation but every time i get this error i dont know why, I researched it and cant find anything, the logstash version is

logstash 1:8.5.0-1

logstash ERROR log

[

2022-11-08T19:52:24,736][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (ArgumentError) URI is not valid - host is not specified", :backtrace=>["org.logstash.config.ir.CompiledPipeline.<init>(CompiledPipeline.java:120)", "org.logstash.execution.JavaBasePipelineExt.initialize(JavaBasePipelineExt.java:85)", "org.logstash.execution.JavaBasePipelineExt$INVOKER$i$1$0$initialize.call(JavaBasePipelineExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodN.call(JavaMethod.java:846)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuper(IRRuntimeHelpers.java:1229)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.invokeSuper3:initialize(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$initialize$0(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:139)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:188)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:259)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:426)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:247)", "org.jruby.RubyClass.newInstance(RubyClass.java:904)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(RubyClass$INVOKER$i$newInstance.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodZeroOrOneOrTwoOrThreeOrNBlock.call(JavaMethod.java:398)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:415)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:237)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.invokeOther3:new(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:50)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.RUBY$method$execute$0(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:50)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:178)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:222)", "org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:226)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:393)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:206)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.invokeOther4:execute(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:386)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.RUBY$block$converge_state$2(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:386)", "org.jruby.runtime.CompiledIRBlockBody.callDirect(CompiledIRBlockBody.java:141)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:64)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:58)", "org.jruby.runtime.Block.call(Block.java:143)", "org.jruby.RubyProc.call(RubyProc.java:309)", "org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:107)", "java.base/java.lang.Thread.run(Thread.java:833)"]}
[2022-11-08T19:52:24,805][INFO ][logstash.runner          ] Logstash shut down.
[2022-11-08T19:52:24,811][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
	at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:790) ~[jruby.jar:?]
	at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:753) ~[jruby.jar:?]
	at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:91) ~[?:?]

My conf.file is:


input {
     beats {
         port => 5044
     }
  }

output{
lasticsearch {
hosts => ["http://172:21:14:104:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}

i dont know what to do, thank you for any help!

Badger · November 8, 2022, 5:59pm

The first three of these : should be .

Rootlente · November 8, 2022, 6:02pm

Badger thank you for your response i am trying to fix it almost 10 days you mean that output should be up ? and input down in configuration file ?

Badger · November 8, 2022, 6:32pm

I am saying you should change "http://172:21:14:104:9200" to "http://172.21.14.104:9200"

Rootlente · November 8, 2022, 7:00pm

i changed it but without any success, also when i check the port 5044 it is not active

netstat -tulpn (there is not presented port 5044)

http://172.21.14.104:5601/app/home#/ (this one works well)
http://172.21.14.104:9200 (also works great)

i see same errors again

at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:790) ~[jruby.jar:?]
	at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:753) ~[jruby.jar:?]
	at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:91) ~[?:?]

Thank very much for your help!

Badger · November 8, 2022, 7:16pm

Are you saying you still get the URI is not valid - host is not specified error? If not, what error do you get?

Rootlente · November 8, 2022, 7:27pm

this is full error log of logstash, thank you again i dont know what to do...

[2022-11-08T22:59:59,369][INFO ][logstash.runner          ] Logstash shut down.
[2022-11-08T22:59:59,376][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
	at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:790) ~[jruby.jar:?]
	at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:753) ~[jruby.jar:?]
	at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:91) ~[?:?]
[2022-11-08T23:00:14,926][INFO ][logstash.runner          ] Log4j configuration path used is: /etc/logstash/log4j2.properties
[2022-11-08T23:00:14,939][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"8.5.0", "jruby.version"=>"jruby 9.3.8.0 (2.6.8) 2022-09-13 98d69c9461 OpenJDK 64-Bit Server VM 17.0.4+8 on 17.0.4+8 +jit [x86_64-linux]"}
[2022-11-08T23:00:14,942][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xmx2g, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=false, -Djruby.jit.threshold=0, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED]
[2022-11-08T23:00:16,650][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2022-11-08T23:00:16,749][INFO ][org.reflections.Reflections] Reflections took 135 ms to scan 1 urls, producing 125 keys and 438 values
[2022-11-08T23:00:17,054][ERROR][logstash.plugins.registry] Unable to load plugin. {:type=>"output", :name=>"lasticsearch"}
[2022-11-08T23:00:17,058][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::JavaLang::IllegalStateException", :message=>"Unable to configure plugins: (PluginLoadingError) Couldn't find any output plugin named 'lasticsearch'. Are you sure this is correct? Trying to load the lasticsearch output plugin resulted in this error: Unable to load the requested plugin named lasticsearch of type output. The plugin is not installed.", :backtrace=>["org.logstash.config.ir.CompiledPipeline.<init>(CompiledPipeline.java:120)", "org.logstash.execution.JavaBasePipelineExt.initialize(JavaBasePipelineExt.java:85)", "org.logstash.execution.JavaBasePipelineExt$INVOKER$i$1$0$initialize.call(JavaBasePipelineExt$INVOKER$i$1$0$initialize.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodN.call(JavaMethod.java:846)", "org.jruby.ir.runtime.IRRuntimeHelpers.instanceSuper(IRRuntimeHelpers.java:1229)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.invokeSuper3:initialize(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48)", "usr.share.logstash.logstash_minus_core.lib.logstash.java_pipeline.RUBY$method$initialize$0(/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:48)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:139)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:188)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:259)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:426)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:247)", "org.jruby.RubyClass.newInstance(RubyClass.java:904)", "org.jruby.RubyClass$INVOKER$i$newInstance.call(RubyClass$INVOKER$i$newInstance.gen)", "org.jruby.internal.runtime.methods.JavaMethod$JavaMethodZeroOrOneOrTwoOrThreeOrNBlock.call(JavaMethod.java:398)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:415)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:237)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.invokeOther3:new(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:50)", "usr.share.logstash.logstash_minus_core.lib.logstash.pipeline_action.create.RUBY$method$execute$0(/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:50)", "org.jruby.internal.runtime.methods.CompiledIRMethod.call(CompiledIRMethod.java:178)", "org.jruby.internal.runtime.methods.MixedModeIRMethod.call(MixedModeIRMethod.java:222)", "org.jruby.internal.runtime.methods.DynamicMethod.call(DynamicMethod.java:226)", "org.jruby.runtime.callsite.CachingCallSite.cacheAndCall(CachingCallSite.java:393)", "org.jruby.runtime.callsite.CachingCallSite.call(CachingCallSite.java:206)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.invokeOther4:execute(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:386)", "usr.share.logstash.logstash_minus_core.lib.logstash.agent.RUBY$block$converge_state$2(/usr/share/logstash/logstash-core/lib/logstash/agent.rb:386)", "org.jruby.runtime.CompiledIRBlockBody.callDirect(CompiledIRBlockBody.java:141)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:64)", "org.jruby.runtime.IRBlockBody.call(IRBlockBody.java:58)", "org.jruby.runtime.Block.call(Block.java:143)", "org.jruby.RubyProc.call(RubyProc.java:309)", "org.jruby.internal.runtime.RubyRunnable.run(RubyRunnable.java:107)", "java.base/java.lang.Thread.run(Thread.java:833)"]}
[2022-11-08T23:00:17,130][INFO ][logstash.runner          ] Logstash shut down.
[2022-11-08T23:00:17,137][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit
org.jruby.exceptions.SystemExit: (SystemExit) exit
	at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:790) ~[jruby.jar:?]
	at org.jruby.RubyKernel.exit(org/jruby/RubyKernel.java:753) ~[jruby.jar:?]
	at usr.share.logstash.lib.bootstrap.environment.<main>(/usr/share/logstash/lib/bootstrap/environment.rb:91) ~[?:?]

Badger · November 8, 2022, 7:42pm

Couldn't find any output plugin named 'lasticsearch'

You have a typo in your configuration. That should be 'elasticsearch'.

Rootlente · November 8, 2022, 7:52pm

it the input configuration file there was an error in lasticsearch it should be elasticsearch i fixed it

but now i get an error:
Invalid version of beats protocol: 64

and on windows machine:

wwsarecv: An existing connection was forcibly closed by the remote host.

Thank you so much!!!

Badger · November 8, 2022, 8:06pm

See this post.

Rootlente · November 8, 2022, 8:08pm

Thank you very very much for your help!

Rootlente · November 8, 2022, 8:10pm

i have an question why does when i run:
netstat -tulpn i see output

tcp6 :::5044 listen (actually it is ipv6) ?

Badger · November 8, 2022, 8:18pm

See this post.

system · December 6, 2022, 8:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.