I have just installed the HTTP Poller
plugin, and I am now following the tutorial here.
As instructed by the tutorial, I am using this config:
input {
http_poller {
urls => {
"localhost" => "http://localhost:8000"
}
automatic_retries => 0
# Check the site every 10s
interval => 10
# Wait no longer than 8 seconds for the request to complete
request_timeout => 8
# Store metadata about the request in this field
metadata_target => http_poller_metadata
# Tag this request so that we can throttle it in a filter
tags => website_healthcheck
}
}
filter {
# The poller doesn't set an '@host' field because it may or may not have meaning
# In this case we can set it to the 'name' of the host which will be 'localhost'
# The name is the key used in the poller's 'url' config
if [http_poller_metadata] {
mutate {
add_field => {
"@host" => "%{http_poller_metadata[name]}"
}
}
}
# Classify slow requests
if [http_poller_metadata][runtime_seconds] and [http_poller_metadata][runtime_seconds] > 0.5 {
mutate {
add_tag => "slow_request"
}
}
# Classify requests that can't connect or have an unexpected response code
if [http_request_failure] or
[http_poller_metadata][code] != 200 {
# Tag all these events as being bad
mutate {
add_tag => "bad_request"
}
}
if "bad_request" in [tags] {
# Tag all but the first message every 10m as "_throttled_poller_alert"
# We will later drop messages tagged as such.
throttle {
key => "%{@host}-RequestFailure"
period => 600
before_count => -1
after_count => 1
add_tag => "throttled_poller_alert"
}
# Drop all throttled events
if "throttled_poller_alert" in [tags] {
drop {}
}
# The SNS output plugin requires special fields to send its messages
# This should be fixed soon, but for now we need to set them here
# For a more robust and flexible solution (tolerant of logstash restarts)
# Logging to elasticsearch and using the Watcher plugin is advised
mutate {
add_field => {
sns_subject => "%{@host} is not so healthy! %{@tags}"
sns_message => '%{http_request_failure}'
codec => json
}
}
}
}
output {
# Catch throttled messages for request failures
# If we hit one of these, send the output to stdout
# as well as an AWS SNS Topic
# UNCOMMENT THIS TO ENABLE SNS SUPPORT
#if "http_request_failure" in [tags] {
# sns {
# codec => json
# access_key_id => "YOURKEY"
# secret_access_key => "YOURSECRET"
# arn => "arn:aws:sns:us-east-1:773216979769:logstash-test-topic"
# }
#}
elasticsearch {
protocol => http
}
stdout {
codec => rubydebug
}
}
I saved the contents above inside a file called http-pipeline.config
, which is stored inside the bin
folder for logstash
.
When I run the command logstash -f http-pipeline.conf
, I see the following output:
Sending Logstash logs to C:/Users/Miao/Downloads/logstash-6.7.0/logs which is now configured via log4j2.properties
[2019-04-01T11:28:24,916][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-04-01T11:28:24,947][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.7.0"}
[2019-04-01T11:28:36,623][ERROR][logstash.outputs.elasticsearch] Unknown setting 'protocol' for elasticsearch
[2019-04-01T11:28:36,654][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Something is wrong with your configuration.", :backtrace=>["C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/config/mixin.rb:86:in `config_init'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/outputs/base.rb:60:in `initialize'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:232:in `initialize'", "org/logstash/config/ir/compiler/OutputDelegatorExt.java:48:in `initialize'", "org/logstash/config/ir/compiler/OutputDelegatorExt.java:30:in `initialize'", "org/logstash/plugins/PluginFactoryExt.java:239:in `plugin'", "org/logstash/plugins/PluginFactoryExt.java:184:in `plugin'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/pipeline.rb:71:in `plugin'", "(eval):168:in `initialize'", "org/jruby/RubyKernel.java:1047:in `eval'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/pipeline.rb:49:in `initialize'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/pipeline.rb:90:in `initialize'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/pipeline_action/create.rb:43:in `block in execute'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/agent.rb:96:in `block in exclusive'", "org/jruby/ext/thread/Mutex.java:165:in `synchronize'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/agent.rb:96:in `exclusive'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/pipeline_action/create.rb:39:in `execute'", "C:/Users/Miao/Downloads/logstash-6.7.0/logstash-core/lib/logstash/agent.rb:334:in `block in converge_state'"]}
[2019-04-01T11:28:37,201][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
How can I fix the error Unknown setting 'protocol' for elasticsearch
?