elasticsearch 日志存储错误,启用ssl后无法连接elasticsearch,elasticsearch,logstash,filebeat,elasticsearch,Logstash,Filebeat" /> elasticsearch 日志存储错误,启用ssl后无法连接elasticsearch,elasticsearch,logstash,filebeat,elasticsearch,Logstash,Filebeat" />
Fatal编程技术网
  • elasticsearch/
  • elasticsearch 日志存储错误,启用ssl后无法连接elasticsearch

elasticsearch 日志存储错误,启用ssl后无法连接elasticsearch

logstash

elasticsearch 日志存储错误,启用ssl后无法连接elasticsearch,elasticsearch,logstash,filebeat,elasticsearch,Logstash,Filebeat,我有一个麋鹿设置(1个主ES,3个工人ES,1个logstash,1个kibana),filebeat是日志收集器/发射器。启用x-pack和TLS后,ES和Kibana工作正常。问题在于logstash。我目前在/var/log/logstash/logstash plain.log中看到这个错误 [ERROR][logstash.javapipeline][filebeat]管道由于以下原因中止 错误{:pipeline_id=>“filebeat”, :exception=>#, :bac

我有一个麋鹿设置(1个主ES,3个工人ES,1个logstash,1个kibana),filebeat是日志收集器/发射器。启用x-pack和TLS后,ES和Kibana工作正常。问题在于logstash。我目前在
/var/log/logstash/logstash plain.log
中看到这个错误

[ERROR][logstash.javapipeline][filebeat]管道由于以下原因中止 错误{:pipeline_id=>“filebeat”, :exception=>#, :backtrace=>[“/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in `初始化“”中的块

我还可以在elasticsearch主服务器中看到以下日志:

[2020-09-01T07:13:20323]警告 ][o.e.x.c.s.t.n.SecurityNetty4Transport][esmasternode1]已收到 加密通道上的明文通信量,正在关闭连接 Netty4TCPCChannel{localAddress=/10.1.1.6:9300, remoteAddress=/publicipaddress:35166}[2020-09-01T07:13:20865][WARN ][o.e.t.TCPTTransport][esmasternode1]发现异常 传输层[netty4tcpcchannel{localAddress=/10.1.1.6:9300, remoteAddress=/publicipaddress:35326}],正在关闭连接

下面是我的logstash和filebeat配置。我已经将logstash设置为filebeat中的输出,将filebeat设置为logstash配置中的输入

Logstash.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/logstashcert.crt"
    ssl_key => "/etc/logstash/logstashcert.key"
  }
}

filter { json { source => "message" remove_field => [ "message" ] } }

output {
  elasticsearch {
  hosts => ["https://esmasterprivateIP:9200"]
    index => "logs-%{+YYYY-MM-dd}"
    manage_template => true
    template => "/etc/logstash/conf.d/template.json"
    template_name => "mytemplate"
    ssl => true
    cacert => '/home/ubuntu/esca.pem'
    user => logstash_user
    password => mypassword

  }
}


    output.logstash:
      workers: 2
      enabled: true
      protocol: "https"
      hosts: ['logstashprivateip:5044']
      path: "/"
      ssl:
      certificate_authorities: [“/etc/tls.crt”]
Filebeat.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/logstash/logstashcert.crt"
    ssl_key => "/etc/logstash/logstashcert.key"
  }
}

filter { json { source => "message" remove_field => [ "message" ] } }

output {
  elasticsearch {
  hosts => ["https://esmasterprivateIP:9200"]
    index => "logs-%{+YYYY-MM-dd}"
    manage_template => true
    template => "/etc/logstash/conf.d/template.json"
    template_name => "mytemplate"
    ssl => true
    cacert => '/home/ubuntu/esca.pem'
    user => logstash_user
    password => mypassword

  }
}


    output.logstash:
      workers: 2
      enabled: true
      protocol: "https"
      hosts: ['logstashprivateip:5044']
      path: "/"
      ssl:
      certificate_authorities: [“/etc/tls.crt”]
我无法找出我的错误所在

注意:Filebeat在kubernetes中运行,因此在通过configmap时,配置看起来可能略有不同