Retrying http request, will sleep for X seconds

Venality · July 13, 2025, 11:52pm

I configured my logstash.conf file properly in terms of URL and Authorization token however It's still not sending logs and giving me an http request failure like it's not able to communicate. I came to the conclusion that it might've been a certificate issue because when I use

Invoke-WebRequest -Uri "https://127.0.0.1:8088/services/collector" `
>>   -Headers @{"Authorization"="Splunk ac09103b-7f2e-4767-940d-c8bfa0a84e12"} `
>>   -Method Post `
>>   -Body '{"event": "test event", "sourcetype": "json"}'

In powershell it sends the request and I get this back:

StatusCode        : 200
StatusDescription : OK
Content           : {"text":"Success","code":0}
RawContent        : HTTP/1.1 200 OK
                    X-Content-Type-Options: nosniff
                    Vary: Authorization
                    Connection: Keep-Alive
                    X-Frame-Options: SAMEORIGIN
                    Content-Length: 27
                    Content-Type: application/json; charset=UTF-8
                    Date: Sun...
Forms             : {}
Headers           : {[X-Content-Type-Options, nosniff], [Vary, Authorization], [Connection, Keep-Alive],
                    [X-Frame-Options, SAMEORIGIN]...}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : System.__ComObject
RawContentLength  : 27

BUT only after I used

[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

Because before that I was still getting errors. I don't know how to replicate this in the config file tho since I used ssl_certificate_verification => false and it still doesn't work

Here's my config:

input {
  beats {
    port => 5044
  }
}

output {
  http {
    url => "https://127.0.0.1:8088/services/collector"
    http_method => "post"
    format => "json"
    headers => {
      "Authorization" => "Splunk ac09103b-7f2e-4767-940d-c8bfa0a84e12"
    ssl => true
    ssl_certificate_verification => false
    }
  }
}

Badger · July 14, 2025, 1:46am

I don't think the http output has every supported that option. logstash should not start up with that configuration.

The elasticsearch output used that option in the past, but both outputs now use ssl_verification_mode, which can be full or none.

Venality · July 14, 2025, 10:37pm

Do you know what my issue could be then?

Badger · July 14, 2025, 11:22pm

As I said, if you use ssl_certificate_verification => false in your configuration then logstash will fail to startup, and if it is not running then it will not be sending any logs to the destination.

If it is running then look at the logstash logs.

Venality · July 15, 2025, 12:18am

Well the error it was giving me was the failed http request, which is why I said it was ac communication issue which is why I tried to use that line. It didn't crash it though it ran fine besides that error which I was still getting before adding it in so I'm not sure what you're referring to.

Badger · July 15, 2025, 1:20am

My bad, I made an assumption about the configuration you posted without testing it, resulting in me diagnosing the wrong error!

You have

Venality:

output {
  http {
    url => "https://127.0.0.1:8088/services/collector"
    http_method => "post"
    format => "json"
    headers => {
      "Authorization" => "Splunk ac09103b-7f2e-4767-940d-c8bfa0a84e12"
    ssl => true
    ssl_certificate_verification => false
    }
  }
}

The problem there is that you included

ssl => true
ssl_certificate_verification => false

as headers, not as options on the output. If you reconfigure your pipeline as

output {
  http {
    url => "https://127.0.0.1:8088/services/collector"
    http_method => "post"
    format => "json"
    headers => {
      "Authorization" => "Splunk ac09103b-7f2e-4767-940d-c8bfa0a84e12"
    }
    ssl => true
    ssl_certificate_verification => false
  }
}

You will get

[ERROR][logstash.outputs.http    ] Unknown setting 'ssl_certificate_verification' for http
[ERROR][logstash.outputs.http    ] Unknown setting 'ssl' for http

and

Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Unable to configure plugins: (ConfigurationError) Something is wrong with your configuration.",

If you change it to

output {
  http {
    url => "https://127.0.0.1:8088/services/collector"
    http_method => "post"
    format => "json"
    headers => {
      "Authorization" => "Splunk ac09103b-7f2e-4767-940d-c8bfa0a84e12"
    }
    ssl_enabled => true
    ssl_verification_mode => none

  }
}

then it should try to connect with TLS and ignore server certificate errors.

Topic		Replies	Views
Unable to set "ssl true", "ssl_certificate_verification false" in logstash http output plugin Logstash	2	3450	September 9, 2020
Logstash http output not ignoring ssl Logstash	1	843	September 15, 2018
Logstash http output user password Logstash	10	2654	June 5, 2020
Logstash HTTP(s) output not working Logstash	4	4527	July 6, 2017
Failed to receive http input Logstash	2	516	October 22, 2018

Retrying http request, will sleep for X seconds

Related topics