Hi together,
after I installed the Search Guard plugin I changed the
hosts => ["] in my own pipeline-config Output Section from:
hosts => ["http://localhost:9200"] to hosts => ["https://localhost:9200"]
but now I'm unable to start it via systemctl.
If I start it via command line /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/myconfig.conf
It starts without problems.
The problem when starting it via systemctl is that it first recognizes my change to
hosts => ["https://localhost:9200"], but afterwards it removes it and changes back to hosts => ["http://localhost:9200"]
Logs:
ES Output version determined {:es_version=>6}
Feb 01 09:13:13 wazuh-server logstash[24181]: [2019-02-01T09:13:13,632][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document ...:es_version=>6}
Feb 01 09:13:13 wazuh-server logstash[24181]: [2019-02-01T09:13:13,658][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::Elasticsearch", :hosts=>["https://localhost:9200"]}
Feb 01 09:13:13 wazuh-server logstash[24181]: [2019-02-01T09:13:13,678][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
Feb 01 09:13:13 wazuh-server logstash[24181]: [2019-02-01T09:13:13,692][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>60001, "s...h_match"=>"mess
Feb 01 09:13:13 wazuh-server logstash[24181]: [2019-02-01T09:13:13,720][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://localhost:9200/]}}
Feb 01 09:13:13 wazuh-server logstash[24181]: [2019-02-01T09:13:13,774][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://localhost:9200/", :error...
I also changed the owner and group of /etc/logstash/ to logstash:logstash
and the same for /usr/share/logstash (including subdirectories)
What could be the problem?
Many thanks in advance
Kind regards
Ricardo
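
A check a reader could run for the symptom in the logs above (an https output is created, then an http URL is added to the pool), as an added example that is not part of the original post: list every `hosts =>` entry in every `*.conf` file under /etc/logstash/conf.d and flag those that are not https. It assumes the service is set up to load all `*.conf` files in that directory (the packaged pipelines.yml default), whereas `-f` loads only the named file; the sample file names and contents are constructed.

```python
import glob
import re

# Constructed sample: two files as they might sit side by side in conf.d.
# File names and contents are hypothetical, not taken from the post.
SAMPLE_CONF_D = {
    "01-other.conf": (
        'output {\n  elasticsearch {\n'
        '    # hosts => ["https://old-host:9200"]\n'
        '    hosts => ["http://localhost:9200"]\n  }\n}\n'
    ),
    "myconfig.conf": (
        'output {\n  elasticsearch {\n'
        '    hosts => ["https://localhost:9200"]\n  }\n}\n'
    ),
}

HOSTS_RE = re.compile(r'hosts\s*=>\s*(\[[^\]]*\]|"[^"]*")')
QUOTED_RE = re.compile(r'"([^"]+)"')

def strip_comments(text):
    # Drop '#' comments line by line (naive: ignores '#' inside quoted strings).
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def find_hosts(files):
    """Return (filename, host, scheme) for every hosts => entry in files."""
    found = []
    for name in sorted(files):
        for match in HOSTS_RE.finditer(strip_comments(files[name])):
            for host in QUOTED_RE.findall(match.group(1)):
                scheme = host.split("://", 1)[0].lower() if "://" in host else "none"
                found.append((name, host, scheme))
    return found

def non_tls(files):
    """Entries that would not talk TLS to a Search Guard protected node."""
    return [(name, host) for name, host, scheme in find_hosts(files) if scheme != "https"]

if __name__ == "__main__":
    # Read the real directory when run on the Logstash host.
    real = {}
    for path in glob.glob("/etc/logstash/conf.d/*.conf"):
        with open(path, encoding="utf-8") as fh:
            real[path] = fh.read()
    for name, host in non_tls(real or SAMPLE_CONF_D):
        print(f"{name}: non-https output host {host}")
```

A host written without a scheme is reported as well, since the output then uses plain http unless TLS is enabled separately in that output block.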