ES, Logstash 8.17.1. I've implemented syslog via conf file in conf.d directory of Logstash to connect to OpenShift in Sandbox/dev environment. It all worked one day. Next day logs stopped with error in /var/log/logstash/logstash-plain.log that jruby exits with Fatal error due to output.elasticsearch.hosts does not exist. Since then I've reinstalled Logstash 3 times without any result. If there is known resolution please let me know. Environment: RHEL 8.10, ELK rpm installation, YUM/RPM Logstash installations with "yum update"," logstash-plugin update". I verified that /var/log/messages generated and it has the same error.
Can you share the exact log line you are receiving? Without seeing the exact log error you are receiving is pretty hard to do any troubleshooting.
output.elasticsarch.hosts is not a Logstash configuration, it is a beats configuration, maybe something is mixed up in your system?
1 Like
I am attaching 5 fiiles:
files: content of /var/log/messages, /var/log/logstash/logstash-plain.log, logstash-sample.conf, anticipated logstash-plain.log
Please avoid sharing screenshots, they can be hard to read and it is not possible to quote them to provide feedback.
Share the configurations and logs as plain text using the Prefromatted text option, the </> button.
On the logstash-yml image, where did you get this configuration? This is wrong, there is no output.* in this file, this is a filebeat configuration.
Outputs in Logstash are configured in the logstash configuration file.
Remove the output.* configurations from logstash.yml, this does not exist.
Thank you! I found more issues in config file itself as well: I was using cacert instead of ssl_certificate_authorities; cacert was absolete.
I did remove output from logstash.yml. Its all working now.
Irina