Logstash http output plugin times out

I'm using the logstash http output plugin to send log events to a URL.

This is what my output section looks like:

output {
  if [logger_name] != 'xxx' and [type] != "xxx"
      and [logger_name] != 'xxx' {
    elasticsearch {
      hosts => ["https://xxx:9200"]
      ssl => true
      cacert => "/usr/share/logstash/certs/my_cert.crt"
      user => "elastic"
      password => "xxx"
      id => "elasticsearch-output"
    }
  }

  if [logger_name] == 'xxx' or [line] or [type] == "my_type" {
    http {
      url => "https://domain.com:8500/myevent"
      http_method => "post"
      format => "message"
      message => "%{logmessage}"
      content_type => "text/xml"
      cacert => "/usr/share/logstash/certs/certs.crt"
      client_cert => "/usr/share/logstash/certs/cert.crt"
      client_key => "/usr/share/logstash/certs/cert.key"
      proxy => "http://proxy.domain.com:8080"
    }
  }
}

As you can see from the output configuration, some logs are going to go to elastic and others to the URL specified in http plugin configuration.

And this is what I get in the logstash logs:

{"level":"ERROR","loggerName":"logstash.outputs.http","timeMillis":1673416755848,"thread":"[main]>worker2","logEvent":{"message":"[HTTP Output Failure] Could not fetch URL","url":"https://domain.com:8500/myevent","method":{"metaClass":{"metaClass":{"metaClass":{"method":"post","message":"Read timed out","class":"Manticore::SocketTimeout","will_retry":true}}}}}}

I have two problems with this:

  1. logstash http output plugin is unable to get to the URL.

  2. None of the other logs come to elasticsearch. My theory is that somehow logstash http output plugin blocks all logs. I've proved that by taking out the logstash http output plugin and restarting logstash. As soon as I did that logs started flowing to elasticsearch.

Before taking the http plugin out, I tried to send some logs from the command line (I used curl) on the same computer where logstash is running to the same URL, and it was successful.

Any suggestions on how to proceed in this case? Any means to debug this?
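
Added example, not part of the original post: the second problem described above comes from both outputs sharing one pipeline, so a stalled http output holds back events bound for Elasticsearch. Logstash's pipeline-to-pipeline "output isolator" layout in `pipelines.yml` gives each output its own queue; the pipeline ids, the virtual addresses `es` and `http_events`, and the stdin stand-in input are assumptions.

```yaml
# pipelines.yml: added example, not the poster's configuration.
# Pipeline ids and the virtual addresses "es" / "http_events" are assumed names.
- pipeline.id: intake
  config.string: |
    input { stdin { } }   # stand-in (assumption): keep the existing input and filter sections here
    output {
      if [logger_name] != 'xxx' and [type] != "xxx" and [logger_name] != 'xxx' {
        pipeline { send_to => ["es"] }
      }
      if [logger_name] == 'xxx' or [line] or [type] == "my_type" {
        pipeline { send_to => ["http_events"] }
      }
    }
- pipeline.id: to-elasticsearch
  queue.type: persisted   # own on-disk queue, drained independently of the http pipeline
  config.string: |
    input { pipeline { address => "es" } }
    output {
      elasticsearch {
        hosts => ["https://xxx:9200"]
        ssl => true
        cacert => "/usr/share/logstash/certs/my_cert.crt"
        user => "elastic"
        password => "xxx"
        id => "elasticsearch-output"
      }
    }
- pipeline.id: to-http
  queue.type: persisted   # events wait here while the http output retries after a timeout
  config.string: |
    input { pipeline { address => "http_events" } }
    output {
      http {
        url => "https://domain.com:8500/myevent"
        http_method => "post"
        format => "message"
        message => "%{logmessage}"
        content_type => "text/xml"
        cacert => "/usr/share/logstash/certs/certs.crt"
        client_cert => "/usr/share/logstash/certs/cert.crt"
        client_key => "/usr/share/logstash/certs/cert.key"
        proxy => "http://proxy.domain.com:8080"
      }
    }
```

If the persisted queue of the `to-http` pipeline fills up, the `intake` pipeline blocks again, so `queue.max_bytes` for that pipeline has to cover the longest outage the endpoint is expected to have.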
