I am having a hard time setting up my ELK. I was able to start my Elasticsearch instance. I was able to start my Kibana instance. But I am not able to have by Logstash running. Here are the details.
- elasticsearch.yml configuration is as follows
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "http.p12"xpack.security.audit.enabled: true
Here:
- elastic-certificates.p12 was created using instructions here
- http.p12 was created using instructions here
Both these files are copied to elasticsearch/config folder
- logstash.yml is as follows
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: 'pwdforlogstash'
xpack.monitoring.elasticsearch.hosts: [ 'https://localhost:9200' ]
I am trying to start logstash with the command:
logstash -f D:\RC\Softwares\ELKX\7.6.0\*.conf --config.reload.automatic
Here are the logs
D:\RC\Softwares\ELKX\7.6.0\logstash\bin>logstash -f D:\RC\Softwares\ELKX\7.6.0\*.conf --config.reload.automatic
Sending Logstash logs to D:/RC/Softwares/ELKX/7.6.0/logstash/logs which is now configured via log4j2.properties
[2020-04-21T11:14:38,407][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2020-04-21T11:14:38,574][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.6.0"}
[2020-04-21T11:14:42,168][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [https://logstash_system:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2020-04-21T11:14:42,248][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
[2020-04-21T11:14:44,534][INFO ][org.reflections.Reflections] Reflections took 128 ms to scan 1 urls, producing 20 keys and 40 values
[2020-04-21T11:14:45,215][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elastic:xxxxxx@localhost:9200/]}}
[2020-04-21T11:14:45,390][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2020-04-21T11:14:45,437][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["https://localhost:9200"]}
[2020-04-21T11:14:45,586][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.RubyArray) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[2020-04-21T11:14:45,598][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["D:/RC/Softwares/ELKX/7.6.0/simple.conf"], :thread=>"#<Thread:0x3ba454d8 run>"}
[2020-04-21T11:14:47,026][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2020-04-21T11:14:47,216][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2020-04-21T11:14:47,758][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2020-04-21T11:14:50,517][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
Could you please help me identify what the issue here is? Please let me know if you need any other details.