logstash-plugins / logstash-output-elasticsearch_java Goto Github PK

Java API Implementation of Elasticsearch Output

License: Apache License 2.0

Ruby 96.75% Shell 3.25%

logstash-output-elasticsearch_java's Introduction

NOTE

This repository is now archived as the elasticsearch_java plugin is no longer maintained. This plugin used the node or transport protocols to communicate with elasticsearch. These protocols have been deprecated, and the plugin hasn't been maintained since Elasticsearch 2.1.0.

If you need to send data to elasticsearch using logstash you can use the logstash-output-elasticsearch plugin that ships with Logstash. For more instructions check out our getting started documentation.

Logstash Plugin

This is a plugin for Logstash.

It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

Documentation

Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one central location.

For formatting code or config example, you can use the asciidoc [source,ruby] directive
For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide

Need Help?

Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.

Developing

1. Plugin Developement and Testing

Code

To get started, you'll need JRuby with the Bundler gem installed.
Create a new plugin or clone and existing from the GitHub logstash-plugins organization. We also provide example plugins.
Install dependencies

bundle install

Test

Update your dependencies

bundle install

Run unit tests

bundle exec rspec

Run integration tests

Dependencies: Docker

Before the test suite is run, we will load and run an Elasticsearch instance within a docker container. This container will be cleaned up when suite has finished.

bundle exec rspec --tag integration

2. Running your unpublished Plugin in Logstash

2.1 Run in a local Logstash clone

Edit Logstash Gemfile and add the local plugin path, for example:

gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"

Install plugin

# Logstash 2.3 and higher
bin/logstash-plugin install --no-verify

# Prior to Logstash 2.3
bin/plugin install --no-verify

Run Logstash with your plugin

bin/logstash -e 'filter {awesome {}}'

At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.

2.2 Run in an installed Logstash

You can use the same 2.1 method to run your plugin in an installed Logstash by editing its Gemfile and pointing the :path to your local plugin development directory or you can build the gem and install it using:

Build your plugin gem

gem build logstash-filter-awesome.gemspec

Install the plugin from the Logstash home

# Logstash 2.3 and higher
bin/logstash-plugin install --no-verify

# Prior to Logstash 2.3
bin/plugin install --no-verify

Start Logstash and proceed to test the plugin

Contributing

All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.

Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.

It is more important to the community that you are able to contribute.

For more information about contributing, see the CONTRIBUTING file.

logstash-output-elasticsearch_java's People

Watchers

Forkers

andrewvc talevy jsvd debadair dedemorton lcawl jesse-so-cool isabella232

logstash-output-elasticsearch_java's Issues

Document plugin not being supported anymore

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch_java.html

Starting in 5.0, the only ES output we recommend is the default elasticsearch output (http protocol). We do not intend to support or continue development on this plugin anymore. Let's update the documentation accordingly? @acchen97

The statement indicates that it's easy for users to install even though it's discouraged for us. We may want to add a stronger statement here? For example, there's no indication on this page itself that the plugin is deprecated/unsupported.

This plugin does not ship with Logstash by default, but it is easy to install by running bin/logstash-plugin install logstash-output-elasticsearch_java. Also note that node protocol usage is discouraged. Please use http or transport protocol.

Tests failling on Travis.

This was broken for the last 2 month.
https://travis-ci.org/logstash-plugins/logstash-output-elasticsearch_java/builds/116974973

8.41s$ bundle exec rspec spec && bundle exec rspec spec
Using Accessor#strict_set for specs
RuntimeError: 
    you might need to reinstall the gem which depends on the missing jar or in case there is Jars.lock then resolve the jars with `lock_jars` command
no such file to load -- org/apache/httpcomponents/httpcore/4.4.1/httpcore-4.4.1 (LoadError)
              do_require at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/jar-dependencies-0.3.2/lib/jar_dependencies.rb:381
             require_jar at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/jar-dependencies-0.3.2/lib/jar_dependencies.rb:288
  require_jar_with_block at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/jar-dependencies-0.3.2/lib/jar_dependencies.rb:0
             require_jar at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/jar-dependencies-0.3.2/lib/jar_dependencies.rb:287
             require_jar at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/jar-dependencies-0.3.2/lib/jar_dependencies.rb:390
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/manticore-0.5.5-java/lib/manticore_jars.rb:4
                 require at org/jruby/RubyKernel.java:1071
                 require at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
        require_relative at file:/home/travis/.rvm/rubies/jruby-1.7.19-d19/lib/jruby.jar!/jruby/kernel19/kernel.rb:24
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/manticore-0.5.5-java/lib/manticore.rb:1
                 require at org/jruby/RubyKernel.java:1071
                 require at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/manticore-0.5.5-java/lib/manticore.rb:5
                 require at org/jruby/RubyKernel.java:1071
                 require at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:1
                 require at org/jruby/RubyKernel.java:1071
                 require at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/elasticsearch-transport-1.0.15/lib/elasticsearch/transport/transport/http/manticore.rb:1
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.3-java/lib/logstash/outputs/elasticsearch/http_client.rb:1
                 require at org/jruby/RubyKernel.java:1071
                 require at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.3-java/lib/logstash/outputs/elasticsearch/http_client.rb:5
                 require at org/jruby/RubyKernel.java:1071
                 require at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/polyglot-0.3.5/lib/polyglot.rb:65
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.3-java/lib/logstash/outputs/elasticsearch.rb:1
                 require at org/jruby/RubyKernel.java:1071
           ElasticSearch at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.3-java/lib/logstash/outputs/elasticsearch.rb:49
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch-2.5.3-java/lib/logstash/outputs/elasticsearch.rb:48
                    load at org/jruby/RubyKernel.java:1087
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/lib/logstash/outputs/elasticsearch_java.rb:1
                    each at org/jruby/RubyArray.java:1613
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/lib/logstash/outputs/elasticsearch_java.rb:11
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/spec/es_spec_helper.rb:1
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/spec/es_spec_helper.rb:7
                  (root) at file:/home/travis/.rvm/rubies/jruby-1.7.19-d19/lib/jruby.jar!/jruby/kernel19/kernel.rb:1
        require_relative at file:/home/travis/.rvm/rubies/jruby-1.7.19-d19/lib/jruby.jar!/jruby/kernel19/kernel.rb:24
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/spec/integration/outputs/elasticsearch/node_spec.rb:1
                    load at org/jruby/RubyKernel.java:1087
                  (root) at /home/travis/build/logstash-plugins/logstash-output-elasticsearch_java/vendor/bundle/jruby/1.9/bin/rspec:23
The command "bundle exec rspec spec && bundle exec rspec spec" exited with 1.
cache.2
store build cache
$ bundle clean
Resolving dependencies...
0.00s
3.55schanges detected, packing new archive
uploading archive

Unable to install plugin logstash-output-elasticsearch_java for logstash 5.0.0-alpha5

Please post all product and debugging questions on our forum. Your questions will reach our wider community members there, and if we confirm that there is a bug, then we can open a new issue here.

For all general issues, please provide the following details for fast resolution:

Version: logstash 5.0.0-alpha5
Operating System: rhel 7.2
Config File (if you have sensitive info, please remove it):no
Sample Data:no
Steps to Reproduce:
./logstash-plugin install logstash-output-elasticsearch_java
Validating logstash-output-elasticsearch_java
Installing logstash-output-elasticsearch_java
Plugin version conflict, aborting
ERROR: Installation Aborted, message: Bundler could not find compatible versions for gem "logstash-core-plugin-api":
In snapshot (Gemfile.lock):
logstash-core-plugin-api (= 2.1.10)

In Gemfile:
logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-devutils (>= 0) java depends on
logstash-core-plugin-api (~> 2.0) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

logstash-input-s3 (>= 0) java depends on
logstash-mixin-aws (>= 0) java depends on
logstash-core-plugin-api (<= 2.99, >= 1.60) java

Can't connect to ES with protocol => "node" / LS 2.0.0-1

Hi there,

I have a previously working config from Logstash 2.0.0-rc1-1 which was successfully indexing to Elasticsearch using the node protocol with logstash-output-elasticsearch_java.

After upgrading to Logstash 2.0.0-1 it can no longer connect to ES using the node protocol.

Logstash reports:

Got error to send bulk of actions: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];[SERVICE_UNAVAILABLE/2/no master]; {:level=>:error, :file=>"logstash/outputs/elasticsearch_java.rb", :line=>"478", :method=>"flush"}

There are no errors in the logs on the ES master node, or issues with network connectivity. The ES cluster is green, and responding at all times.

If I change the protocol to "transport", Logstash connects and indexes, however this upsets our monitoring as the Logstash nodes no longer exist in the cluster.

Downgrading Logstash to 2.0.0-rc1-1 immediately resolves the problem, with no other changes required.

Can someone please confirm that node protocol works correctly with Logstash 2.0.0-1?

Configure integration tests to work with boot2docker

Currently, tests fail when running under docker integration via boot2docker

Double always sent as string

I recently upgraded to Logstash 2.1.0 and Elasticsearch 2.1.0.

I'm trying to switch from the elasticsearch output (http) to the elasticsearch_java output (transport). Previously under Logstash 1.5 / Elasticsearch 1.7 we were using transport, and I'd like to do the same now.

I'm running into an issue where fields that were previously being indexed as double values (both with transport under LS 1.5/ ES 1.7, and with the http protocol under LS 2.1 / ES 2.1) are now being sent as string values using the elasticsearch_java output.

After switching from http to transport, we started seeing the following (We have coercion set to false in our index template):

MapperParsingException[failed to parse [test_double]]; nested: IllegalArgumentException[Double value passed as String];

This can be reproduced with a fairly trivial logstash config. We use log-courier, but the input shouldn't matter. The idea is to send some json data that contains double values.

e.g.)

_sample input_

{"message":"hello", "number": 1.2345}

_http_

number will be indexed as a double.

input {
  courier {
    port => "5041"
    ssl_certificate => ""
    ssl_key => ""
    ssl_verify => true
    ssl_verify_ca => ""
  }
}

filter {
  json {
    source => "message"
  }
}

output {
  elasticsearch {
    hosts => ["hostname:9200"]
    template => "/etc/logstash/templates/template.json"
    template_overwrite => true
  }

  stdout { codec => rubydebug }
}

_transport_

number will be sent as string.

input {
  courier {
    port => "5041"
    ssl_certificate => ""
    ssl_key => ""
    ssl_verify => true
    ssl_verify_ca => ""
  }
}

filter {
  json {
    source => "message"
  }
}

output {
  elasticsearch_java {
    hosts => ["hostname:9300"]
    network_host => "0.0.0.0"
    cluster => "logstash"
    template => "/etc/logstash/templates/template.json"
    template_overwrite => true
  }

  stdout { codec => rubydebug }
}

Happy to provide more details. Let me know if this is not the right place to report this.

Add byte-based flush setting

More details here: elastic/logstash#4000

Logstash 2.3.4 getting stuck while attempting to install template in elasticsearch using transport protocol

After discussing the issue in logstash forum posting the issue here.

Whenever I am trying to use logstash 2.3.4with the below config it is getting stuck.

input {
    kafka {
        zk_connect => "kafka:2181"
        group_id => "logstash"
        topic_id => "logstash_logs2"
        reset_beginning => false
        consumer_threads => 3
    }
}

filter {
  if [app] == "walle_slowquery" or [app] == "walle_slowindex" {
    ruby {
        code => "event['timestamp'] = event['@timestamp']"
    }
  }
  grok {
    match => [
     "timestamp", "^(?<app_log_time>%{YEAR}-%{MONTHNUM}-%{MONTHDAY})"
    ]
  }
  mutate {
    rename => {
      "app_log_time" => "[@metadata][app_log_time]"
    }
  }
}

output {
  if [env] == "prod" or [env] == "common" {
    elasticsearch_java {
      #For daily index creation used the time notation, Remove if not required.
      index => "jabong-%{env}-%{app}-%{iver}-%{[@metadata][app_log_time]}"
      cluster => "elasticsearch"
      network_host => "172.16.84.230"
      hosts => ["es-master1:9300", "es-master2:9300", "es-master3:9300"]
      protocol => "transport"
    }
    file {
      path => "/var/log/shop/%{env}/%{app}/%{app}_%{host}_%{[@metadata][app_log_time]}.log"
    }
    stdout { codec => rubydebug }
  }
}

The log that I am seeing when starting logstash with debug flag is below:-

root@logstash-indexer:/opt/logstash-2.3.4# bin/logstash -f conf/logstash_indexer.conf --debug
Reading config file {:config_file=>"/opt/logstash-2.3.4/conf/logstash_indexer.conf", :level=>:debug, :file=>"logstash/config/loader.rb", :line=>"69", :method=>"local_config"}
Plugin not defined in namespace, checking for plugin file {:type=>"input", :name=>"kafka", :path=>"logstash/inputs/kafka", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
Plugin not defined in namespace, checking for plugin file {:type=>"codec", :name=>"json", :path=>"logstash/codecs/json", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
config LogStash::Codecs::JSON/@charset = "UTF-8" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@zk_connect = "kafka:2181" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@group_id = "logstash" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@topic_id = "logstash_logs2" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@reset_beginning = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@consumer_threads = 3 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@codec = <LogStash::Codecs::JSON charset=>"UTF-8"> {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@add_field = {} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@white_list = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@black_list = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@auto_offset_reset = "largest" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@auto_commit_interval_ms = 1000 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@queue_size = 20 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@rebalance_max_retries = 4 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@rebalance_backoff_ms = 2000 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@consumer_timeout_ms = -1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@consumer_restart_on_error = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@consumer_restart_sleep_ms = 0 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@decorate_events = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@consumer_id = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@fetch_message_max_bytes = 1048576 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@decoder_class = "kafka.serializer.DefaultDecoder" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Inputs::Kafka/@key_decoder_class = "kafka.serializer.DefaultDecoder" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
Plugin not defined in namespace, checking for plugin file {:type=>"filter", :name=>"ruby", :path=>"logstash/filters/ruby", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
config LogStash::Filters::Ruby/@code = "event['timestamp'] = event['@timestamp']" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Ruby/@add_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Ruby/@remove_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Ruby/@add_field = {} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Ruby/@remove_field = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Ruby/@periodic_flush = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
Plugin not defined in namespace, checking for plugin file {:type=>"filter", :name=>"grok", :path=>"logstash/filters/grok", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
config LogStash::Filters::Grok/@match = {"timestamp"=>"^(?<app_log_time>%{YEAR}-%{MONTHNUM}-%{MONTHDAY})"} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@add_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@remove_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@add_field = {} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@remove_field = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@periodic_flush = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@patterns_dir = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@patterns_files_glob = "*" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@break_on_match = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@named_captures_only = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@keep_empty_captures = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@singles = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@tag_on_failure = ["_grokparsefailure"] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Grok/@overwrite = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
Plugin not defined in namespace, checking for plugin file {:type=>"filter", :name=>"mutate", :path=>"logstash/filters/mutate", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
config LogStash::Filters::Mutate/@rename = {"app_log_time"=>"[@metadata][app_log_time]"} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Mutate/@add_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Mutate/@remove_tag = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Mutate/@add_field = {} {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Mutate/@remove_field = [] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Filters::Mutate/@periodic_flush = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
Plugin not defined in namespace, checking for plugin file {:type=>"output", :name=>"elasticsearch_java", :path=>"logstash/outputs/elasticsearch_java", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
Plugin not defined in namespace, checking for plugin file {:type=>"output", :name=>"file", :path=>"logstash/outputs/file", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
Plugin not defined in namespace, checking for plugin file {:type=>"output", :name=>"stdout", :path=>"logstash/outputs/stdout", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
starting agent {:level=>:info, :file=>"logstash/agent.rb", :line=>"207", :method=>"execute"}
starting pipeline {:id=>"main", :level=>:info, :file=>"logstash/agent.rb", :line=>"469", :method=>"start_pipeline"}
Settings: Default pipeline workers: 12
log4j java properties setup {:log4j_level=>"DEBUG", :level=>:debug, :file=>"logstash/logging.rb", :line=>"89", :method=>"setup_log4j"}
Registering kafka {:group_id=>"logstash", :topic_id=>"logstash_logs2", :zk_connect=>"kafka:2181", :level=>:info, :file=>"logstash/inputs/kafka.rb", :line=>"133", :method=>"register"}
Running kafka {:group_id=>"logstash", :topic_id=>"logstash_logs2", :zk_connect=>"kafka:2181", :level=>:info, :file=>"logstash/inputs/kafka.rb", :line=>"140", :method=>"run"}
Plugin not defined in namespace, checking for plugin file {:type=>"codec", :name=>"plain", :path=>"logstash/codecs/plain", :level=>:debug, :file=>"logstash/plugin.rb", :line=>"76", :method=>"lookup"}
config LogStash::Codecs::Plain/@charset = "UTF-8" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@index = "jabong-%{env}-%{app}-%{iver}-%{[@metadata][app_log_time]}" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@cluster = "elasticsearch" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@network_host = "172.16.84.230" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@hosts = ["172.16.84.230:9300"] {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@protocol = "transport" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@codec = <LogStash::Codecs::Plain charset=>"UTF-8"> {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@workers = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@manage_template = true {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@template_name = "logstash" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@template_overwrite = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@parent = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@flush_size = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@idle_flush_time = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@upsert = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@doc_as_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@max_retries = 3 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@script = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@script_type = "inline" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@script_lang = "" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@script_var_name = "event" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@scripted_upsert = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@retry_max_interval = 2 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@retry_max_items = 500 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@retry_on_conflict = 1 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@pipeline = nil {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@action = "index" {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@max_inflight_requests = 50 {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
config LogStash::Outputs::ElasticSearchJava/@sniffing = false {:level=>:debug, :file=>"logstash/config/mixin.rb", :line=>"153", :method=>"config_init"}
Using mapping template from {:path=>nil, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"6", :method=>"install_template"}
Attempting to install template {:manage_template=>{"template"=>"logstash-*", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true}, "dynamic_templates"=>[{"message_field"=>{"match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}, "fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"string", "index"=>"not_analyzed"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"float"}, "longitude"=>{"type"=>"float"}}}}}}}, :level=>:info, :file=>"logstash/outputs/elasticsearch/template_manager.rb", :line=>"8", :method=>"install_template"}

I have verified the issue is only with elasticsearch_java output plugin. If I modify my output plugin like below then I am seeing my logs in console.

output {
  if [env] == "prod" or [env] == "common" {
    stdout { codec => rubydebug }
  }
}

The logstash logs also shows the below message:-

Pipeline main started {:file=>"logstash/agent.rb",:line=>"473", :method=>"start_pipeline"}

If I replace the elasticsearch_java with the elasticsearch output plugin then also everything works fine:-

output {
  if [env] == "prod" or [env] == "common" {
    elasticsearch {
      index => "jabong-%{env}-%{app}-%{iver}-%{[@metadata][app_log_time]}"
      hosts => ["es-master1","es-master2","es-master3"]
    }
    file {
      path => "/var/log/shop/%{env}/%{app}/%{app}_%{host}_%{[@metadata][app_log_time]}.log"
    }
    stdout { codec => rubydebug }
  }
}

In my current set-up I am using logstash 1.5.3 there also everything is working fine with the below config:-

input {
    kafka {
        zk_connect => "kafka:2181"
        group_id => "logstash"
        topic_id => "logstash_logs2"
        reset_beginning => false
        consumer_threads => 3
    }
}

filter {
  if [app] == "walle_slowquery" or [app] == "walle_slowindex" {
    ruby {
        code => "event['timestamp'] = event['@timestamp']"
    }
  }
  grok {
    match => [
     "timestamp", "^(?<app_log_time>%{YEAR}-%{MONTHNUM}-%{MONTHDAY})"
    ]
  }
  mutate {
    rename => {
      "app_log_time" => "[@metadata][app_log_time]"
    }
  }
}

output {
  if [env] == "prod" or [env] == "common" {
    elasticsearch {
      index => "jabong-%{env}-%{app}-%{iver}-%{[@metadata][app_log_time]}"
      cluster => "elasticsearch"
      host => ["es-master1:9300", "es-master2:9300","es-master3:9300"]
      protocol => "transport"
    }
    file {
      path => "/var/log/shop/%{env}/%{app}/%{app}_%{host}_%{[@metadata][app_log_time]}.log"
    }
    stdout { codec => rubydebug }
  }
}

Environment:-

OS - Debian 8 - 64 Bit
ElasticSearch Version - 1.7.1
Logstash Version - 2.3.4
logstash-output-elasticsearch_java - 2.1.3
logstash-input-kafka - 2.0.8

network_host is not configured in tests

Currently, the network_host parameters is set to :required, but some tests do not set this.

spec ./spec/unit/outputs/elasticsearch_spec.rb:5 # outputs/elasticsearch_java registration should register
rspec ./spec/unit/outputs/elasticsearch_spec.rb:69 # outputs/elasticsearch_java transport protocol sniffing => false should set the sniffing property to true
rspec ./spec/unit/outputs/elasticsearch_spec.rb:23 # outputs/elasticsearch_java transport protocol host not configured should set host to localhost
rspec ./spec/unit/outputs/elasticsearch_spec.rb:48 # outputs/elasticsearch_java transport protocol sniffing => true should set the sniffing property to true

More detailed errors

This plugin should yield more detailed debug info, as done in the http version: https://github.com/logstash-plugins/logstash-output-elasticsearch/blob/master/lib/logstash/outputs/elasticsearch.rb#L369

This was originall discussed here: logstash-plugins/logstash-output-elasticsearch#225

Add ability to set `transport.publish_host'

Allow settings the transport.publish_host.

This is needed when using private networks for the transport or when running in docker across hosts (e.g. not using --link).

Fix inheritance in protocol.rb

Protocol.rb is a nightmare, and desperately needs to be refactored. Its confusing inheritance contributed to #15 , which was a nasty bug.

Re-enable testing of node protocol in some specs

Moved from: logstash-plugins/logstash-output-elasticsearch#193

locations:

https://github.com/logstash-plugins/logstash-output-elasticsearch/blob/master/spec/integration/outputs/templates_spec.rb#L4
https://github.com/logstash-plugins/logstash-output-elasticsearch/blob/master/spec/integration/outputs/retry_spec.rb#L20

Raise exception when joining two clusters with node

You should not be able to join two clusters with the node protocol, check this by checking the cluster_name setting

Backport type handling from http module

Bring in this patch! logstash-plugins/logstash-output-elasticsearch#283 (comment)

Plugin hangs using node protocol when talking to Shield protected ES with message authentication enabled

Tested with LS 2.1.1 and ES 2.1.1.

Description of problem

In an Elasticsearch cluster protected with Shield and where message authentication is enabled, using the node protocol will fail silently.

How to reproduce

Set up an ES cluster with shield enabled and generate a system key to use for message authentication with bin/shield/syskeygen. Use the following simple config for ES:

shield:
  authc:
    anonymous:
      roles: admin, remote_marvel_agent, marvel_user, kibana4-server
      authz_exception: true
  audit:
    enabled: true

Using the following output configuration in Logstash:

output {
    elasticsearch_java {
        network_host => "localhost"
        protocol => "node"
    }
}

Logstash will "hang" when attempting to first install it's template (running LS with --verbose):

log4j:WARN No appenders could be found for logger (org.apache.http.impl.conn.PoolingHttpClientConnectionManager).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Settings: Default filter workers: 2
Using mapping template from {:path=>nil, :level=>:info}
Attempting to install template {:manage_template=>{"template"=>"logstash-*", "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "omit_norms"=>true}, "dynamic_templates"=>[{"message_field"=>{"match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"string", "index"=>"analyzed", "omit_norms"=>true, "fielddata"=>{"format"=>"disabled"}, "fields"=>{"raw"=>{"type"=>"string", "index"=>"not_analyzed", "doc_values"=>true, "ignore_above"=>256}}}}}, {"float_fields"=>{"match"=>"*", "match_mapping_type"=>"float", "mapping"=>{"type"=>"float", "doc_values"=>true}}}, {"double_fields"=>{"match"=>"*", "match_mapping_type"=>"double", "mapping"=>{"type"=>"double", "doc_values"=>true}}}, {"byte_fields"=>{"match"=>"*", "match_mapping_type"=>"byte", "mapping"=>{"type"=>"byte", "doc_values"=>true}}}, {"short_fields"=>{"match"=>"*", "match_mapping_type"=>"short", "mapping"=>{"type"=>"short", "doc_values"=>true}}}, {"integer_fields"=>{"match"=>"*", "match_mapping_type"=>"integer", "mapping"=>{"type"=>"integer", "doc_values"=>true}}}, {"long_fields"=>{"match"=>"*", "match_mapping_type"=>"long", "mapping"=>{"type"=>"long", "doc_values"=>true}}}, {"date_fields"=>{"match"=>"*", "match_mapping_type"=>"date", "mapping"=>{"type"=>"date", "doc_values"=>true}}}, {"geo_point_fields"=>{"match"=>"*", "match_mapping_type"=>"geo_point", "mapping"=>{"type"=>"geo_point", "doc_values"=>true}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "doc_values"=>true}, "@version"=>{"type"=>"string", "index"=>"not_analyzed", "doc_values"=>true}, "geoip"=>{"type"=>"object", "dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip", "doc_values"=>true}, "location"=>{"type"=>"geo_point", "doc_values"=>true}, "latitude"=>{"type"=>"float", "doc_values"=>true}, "longitude"=>{"type"=>"float", "doc_values"=>true}}}}}}}, :level=>:info}

Meanwhile the Shield audit log reports access denied messages as the Logstash "node" does not have the system key available and therefore is not authorised to join the cluster:

[2015-12-30 11:43:52,312] [Ezekiel] [transport] [access_denied] origin_type=[transport], origin_address=[127.0.0.1], principal=[_es_anonymous_user], action=[internal:discovery/zen/unicast]

What should happen

It should be possible to specify the system key in the LS elasticsearch_java output plugin configuration so that LS can correctly join the ES cluster when using the node protocol. This is currently not possible.

Backport template from http module

Bring in this patch: logstash-plugins/logstash-output-elasticsearch#282

Deprecating Node Protocol

The node protocol is a giant pain for both Logstash users and Logstash developers.

Why node is bad for users:
Users think they can use it to gain a speed boost (which it doesn't actually provide). After trying node they then wind up posting bug reports due to broken configurations (setting up a valid node is more complex than HTTP or transport). This makes for disappointed users and disappointed developers.

Why node is bad for developers:

We waste time debugging node configuration errors
We currently have to maintain an extra logstash-output-elasticsearch-license plugin JUST for the use case of shield / marvel + logstash. Additionally, the error messages generated in this scenario are plain ridiculous to debug.

Why user like node

They can see which Logstashes are active via the Elasticsearch node list (the next major of Logstash will cover this with Metrics however)
perceived speed
multicast discoverability (though we now discourage this in Elasticsearch)

IMHO we should deprecate node soon, and consider removing it in the next major release. Perhaps a community member would be interested in maintaining that as a separate plugin.

Logstash 5.0 compatible

Ubuntu 14.04

Trying to install plugin on logstash 5.0.0 installation:

~ bin/logstash-plugin install logstash-output-elasticsearch_java
Validating logstash-output-elasticsearch_java
Installing logstash-output-elasticsearch_java
Plugin version conflict, aborting
ERROR: Installation Aborted, message: Bundler could not find compatible versions for gem "logstash-core-plugin-api":
  In snapshot (Gemfile.lock):
    logstash-core-plugin-api (= 2.1.16)

  In Gemfile:
    logstash-devutils (~> 1.1) java depends on
      logstash-core-plugin-api (~> 2.0) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-output-file (>= 0) java depends on
      logstash-core-plugin-api (< 2.99, >= 2.0.0) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-output-stdout (>= 0) java depends on
      logstash-core-plugin-api (< 2.99, >= 1.60.1) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-input-s3 (>= 0) java depends on
      logstash-mixin-aws (>= 0) java depends on
        logstash-core-plugin-api (<= 2.99, >= 1.60) java

    logstash-output-elasticsearch_java (>= 0) java depends on
      logstash-core-plugin-api (~> 1.0) java

    logstash-core-plugin-api (>= 0) java

Running `bundle update` will rebuild your snapshot from scratch, using only
the gems in your Gemfile, which may resolve the conflict.
Bundler could not find compatible versions for gem "logstash-core":
  In snapshot (Gemfile.lock):
    logstash-core (= 5.0.0)

  In Gemfile:
    logstash-core-plugin-api (>= 0) java depends on
      logstash-core (= 5.0.0) java

    logstash-output-elasticsearch_java (>= 0) java depends on
      logstash-core (< 3.0.0, >= 2.0.0.beta2) java

    logstash-core (>= 0) java

Running `bundle update` will rebuild your snapshot from scratch, using only
the gems in your Gemfile, which may resolve the conflict.

Add more descriptive Error Messages

Since http and java protocols are not in the same plugin anymore, we do not need to normalize the bulk responses to retrieve the error statuses of each action in the bulk request. This will enable easier logging and fewer code.