[.monitoring-logstash] Pipeline terminated {"pipeline.id"=>".monitoring-logstash"}

Hello everyone,

I have a cluster of four nodes running - secured with certificates.
I have followed the tutorials to include a logstash to the cluster. At the moment I don't even use /conf.d/* configuration files to allow me to start it more easily ...

I have already tried to use superuser for communication and I have even re-generated all the different certificates for each node but it still says exactly the same thing.


[2021-02-17T22: 26: 17,191] [INFO] [logstash.monitoring.internalpipelinesource] Monitoring License OK
[2021-02-17T22: 26: 17,199] [INFO] [logstash.monitoring.internalpipelinesource] Validated license for monitoring. Enabling monitoring pipeline.
[2021-02-17T22: 26: 17,521] [INFO] [logstash.config.source.local.configpathloader] No config files found in path {: path => "/ etc / logstash / conf.d / *. Conf" }
[2021-02-17T22: 26: 19,530] [INFO] [org.reflections.Reflections] Reflections took 46 ms to scan 1 urls, producing 23 keys and 47 values
[2021-02-17T22: 26: 19,784] [WARN] [logstash.outputs.elasticsearchmonitoring] [. Monitoring-logstash] ** WARNING ** Detected UNSAFE options in elasticsearch output configuration!
** WARNING ** You have enabled encryption but DISABLED certificate verification.
** WARNING ** To make sure your data is secure change: ssl_certificate_verification to true
[2021-02-17T22: 26: 19,852] [INFO] [logstash.outputs.elasticsearchmonitoring] [. Monitoring-logstash] Elasticsearch pool URLs updated {: changes => {: removed => [],: added => [https : // grillotron: xxxxxx@prso-elk-viten-1.elk.prso.net: 9200 /]}}
[2021-02-17T22: 26: 19,945] [WARN] [logstash.outputs.elasticsearchmonitoring] [. Monitoring-logstash] Restored connection to ES instance {: url => "https: // grillotron: xxxxxx @ prso-elk- viten-1.elk.prso.net:9200/ "}
[2021-02-17T22: 26: 19,964] [INFO] [logstash.outputs.elasticsearchmonitoring] [. Monitoring-logstash] ES Output version determined {: es_version => 7}
[2021-02-17T22: 26: 19,974] [WARN] [logstash.outputs.elasticsearchmonitoring] [. Monitoring-logstash] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {: es_version => 7}
[2021-02-17T22: 26: 20,116] [INFO] [logstash.outputs.elasticsearchmonitoring] [. Monitoring-logstash] New Elasticsearch output {: class => "LogStash :: Outputs :: ElasticSearchMonitoring",: hosts => [ "https://prso-elk-viten-1.elk.prso.net:9200"]}
[2021-02-17T22: 26: 20,135] [WARN] [logstash.javapipeline] [. Monitoring-logstash] 'pipeline.ordered' is enabled and is likely less efficient, consider disabling if preserving event order is not necessary
[2021-02-17T22: 26: 20,250] [INFO] [logstash.javapipeline] [. Monitoring-logstash] Starting pipeline {: pipeline_id => ". Monitoring-logstash", "pipeline.workers" => 1, "pipeline .batch.size "=> 2," pipeline.batch.delay "=> 50," pipeline.max_inflight "=> 2," pipeline.sources "=> [" monitoring pipeline "],: thread =>" # < Thread: 0x7924cb75 run> "}
[2021-02-17T22: 26: 21,070] [INFO] [logstash.javapipeline] [. Monitoring-logstash] Pipeline Java execution initialization time {"seconds" => 0.81}
[2021-02-17T22: 26: 21,137] [INFO] [logstash.javapipeline] [. Monitoring-logstash] Pipeline started {"pipeline.id" => ". Monitoring-logstash"}
[2021-02-17T22: 26: 21,212] [INFO] [logstash.agent] Pipelines running {: count => 1,: running_pipelines => [: ". Monitoring-logstash"],: non_running_pipelines => []}
[2021-02-17T22: 26: 21,498] [INFO] [logstash.agent] Successfully started Logstash API endpoint {: port => 9600}
[2021-02-17T22: 26: 23,127] [INFO] [logstash.javapipeline] [. Monitoring-logstash] Pipeline terminated {"pipeline.id" => ". Monitoring-logstash"}
[2021-02-17T22: 26: 23,478] [INFO] [logstash.runner] Logstash shut down.

I don't know what to try anymore

You don't see to have any pipeline configured, if you do not have any pipeline running logstash will shutdown.

Can you share your logstash.yml, pipelines.yml and how are you starting logstash? Are you running it as a service or using the command line?

Sure - here is logstash.yml

node.name: logstash1.elk.prso.net
path.data: /var/lib/logstash
queue.max_bytes: 8gb
path.logs: /var/log/logstash
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: '1234567890'
xpack.monitoring.elasticsearch.hosts: [ 'https://prso-elk-viten-1.elk.prso.net:9200' ]
xpack.monitoring.elasticsearch.ssl.certificate_authority: /etc/logstash/certs/ca.crt

And here pipelines.yml

- pipeline.id: main
  path.config: "/etc/logstash/conf.d/*.conf"

In the directory /etc/logstash/conf.d/

root@prso-elk-viten-1:~# ls -lsa /etc/logstash/conf.d/
total 16
4 drwxrwxr-x 4 root root 4096 Feb 17 17:56 .
4 drwxrwxr-x 5 root root 4096 Feb 18 09:52 ..
4 drwxr-xr-x 2 root root 4096 Feb 14 23:23 patterns
4 drwxr-xr-x 2 root root 4096 Feb 17 17:56 temp

In temp i have some cofigutarion files

registro.conf - unactivated by dont stay direcly at "config.d" directory

In Patterns - GROK patterns

--------------------------------------------------------------

Logstash is running like a service (on debian)

Thanks

So your pipelines need to be inside /etc/logstash/conf.d/ and have the *.conf extension.

But in your /etc/logstash/conf.d/ you do not have any .conf file, so you do not have any pipeline.

Without a pipeline logstash has nothing to do and will shutdown, which is waht you are seeing in your logs, you need to create a pipeline to use logstash.

Ok solved

I also had some errors in my only configuration file so I did NOT catch it and therefore, as it did not have work, it turned off.

Thanks ;)