elk@elk:~$ sudo /usr/share/logstash/bin/logstash --modules arcsight --setup -M "arcsight.var.inputs=smartconnector" -M "arcsight.var.elasticsearch.hosts= localhost:9200" -M "arcsight.var.kibana.host=localhost:5601"
[sudo] password for elk:
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2018-10-12 19:48:14.219 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2018-10-12 19:48:16.090 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.4.2"}
[INFO ] 2018-10-12 19:48:18.416 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[INFO ] 2018-10-12 19:48:18.433 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[WARN ] 2018-10-12 19:48:18.912 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - Restored connection to ES instance {:url=>"http://localhost:9200/"}
[INFO ] 2018-10-12 19:48:19.304 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - ES Output version determined {:es_version=>6}
[WARN ] 2018-10-12 19:48:19.310 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] licensereader - Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[INFO ] 2018-10-12 19:48:19.683 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] modulelicensechecker - The arcsight module License OK
[INFO ] 2018-10-12 19:48:19.765 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] modulescommon - Setting up the arcsight module
[ERROR] 2018-10-12 19:48:20.193 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}
[ERROR] 2018-10-12 19:48:20.349 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] kibanaclient - Error when executing Kibana client request {:error=>#<Manticore::UnknownException: Unrecognized SSL message, plaintext connection?>}
[ERROR] 2018-10-12 19:48:20.841 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] sourceloader - Could not fetch all the sources {:exception=>LogStash::ConfigLoadingError, :message=>"Failed to import module configurations to Elasticsearch and/or Kibana. Module: arcsight has Elasticsearch hosts: ["localhost:9200"] and Kibana hosts: ["localhost:5601"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:108:in block in pipeline_configs'", "org/jruby/RubyArray.java:1734:ineach'", "/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:54:in pipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source/modules.rb:14:inpipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:61:in block in fetch'", "org/jruby/RubyArray.java:2481:incollect'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:60:in fetch'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:142:inconverge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:93:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:362:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in block in initialize'"]} [ERROR] 2018-10-12 19:48:20.949 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - An exception happened when converging configuration {:exception=>RuntimeError, :message=>"Could not fetch the configuration, message: Failed to import module configurations to Elasticsearch and/or Kibana. Module: arcsight has Elasticsearch hosts: [\"localhost:9200\"] and Kibana hosts: [\"localhost:5601\"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/agent.rb:149:inconverge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:93:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:362:inblock in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
[INFO ] 2018-10-12 19:48:21.589 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.