Hello,
I am trying to forward logs to any other location for the moment; however, I have the following error when trying to forward any data whatsoever. I have a netcat listener on the opposite end and can see the incoming connection, but the Elastic Logstash side fails.
Just need some help or guidance please.
```
root@XXXXXXX:/opt/logstash-8.8.0# ./bin/logstash -e 'input { stdin { } } output { elasticsearch { hosts => ["192.168.3.54:7000"] } stdout {} }'
Using bundled JDK: /opt/logstash-8.8.0/jdk
Sending Logstash logs to /opt/logstash-8.8.0/logs which is now configured via log4j2.properties
[2023-07-13T09:34:54,119][INFO ][logstash.runner ] Log4j configuration path used is: /opt/logstash-8.8.0/config/log4j2.properties
[2023-07-13T09:34:54,122][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"8.8.0", "jruby.version"=>"jruby 9.3.10.0 (2.6.8) 2023-02-01 107b2e6697 OpenJDK 64-Bit Server VM 17.0.7+7 on 17.0.7+7 +indy +jit [x86_64-linux]"}
[2023-07-13T09:34:54,124][INFO ][logstash.runner ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED]
[2023-07-13T09:34:54,282][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2023-07-13T09:34:54,957][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
[2023-07-13T09:34:55,626][INFO ][org.reflections.Reflections] Reflections took 523 ms to scan 1 urls, producing 132 keys and 464 values
[2023-07-13T09:34:58,824][INFO ][logstash.javapipeline ] Pipeline main is configured with pipeline.ecs_compatibility: v8 setting. All plugins in this pipeline will default to ecs_compatibility => v8 unless explicitly configured otherwise.
[2023-07-13T09:34:58,839][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::Elasticsearch", :hosts=>["//192.168.3.54:7000"]}
[2023-07-13T09:35:00,040][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://192.168.3.54:7000/]}}
[2023-07-13T09:35:00,289][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Connect to 192.168.3.54:7000 [/192.168.3.54] failed: Connection refused", :exception=>Manticore::SocketException, :cause=>#<Java::OrgApacheHttpConn::HttpHostConnectException: Connect to 192.168.3.54:7000 [/192.168.3.54] failed: Connection refused>}
[2023-07-13T09:35:00,290][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://192.168.3.54:7000/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://192.168.3.54:7000/][Manticore::SocketException] Connect to 192.168.3.54:7000 [/192.168.3.54] failed: Connection refused"}
[2023-07-13T09:35:00,297][INFO ][logstash.outputs.elasticsearch][main] Data streams auto configuration (data_stream => auto or unset) resolved to true
[2023-07-13T09:35:00,297][WARN ][logstash.outputs.elasticsearch][main] Elasticsearch Output configured with ecs_compatibility => v8, which resolved to an UNRELEASED preview of version 8.0.0 of the Elastic Common Schema. Once ECS v8 and an updated release of this plugin are publicly available, you will need to update this plugin to resolve this warning.
[2023-07-13T09:35:00,309][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["config string"], :thread=>"#<Thread:0x563130af@/opt/logstash-8.8.0/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
[2023-07-13T09:35:04,941][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"=>4.63}
[2023-07-13T09:35:05,050][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
The stdin plugin is now waiting for input:
[2023-07-13T09:35:05,218][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>}
[2023-07-13T09:35:05,297][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Connect to 192.168.3.54:7000 [/192.168.3.54] failed: Connection refused", :exception=>Manticore::SocketException, :cause=>#<Java::OrgApacheHttpConn::HttpHostConnectException: Connect to 192.168.3.54:7000 [/192.168.3.54] failed: Connection refused>}
[2023-07-13T09:35:05,298][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://192.168.3.54:7000/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://192.168.3.54:7000/][Manticore::SocketException] Connect to 192.168.3.54:7000 [/192.168.3.54] failed: Connection refused"}
```