-
Notifications
You must be signed in to change notification settings - Fork 129
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New data not generating for logstash output with proxy server. #2992
Comments
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
@amolnater-qasource Kindly review |
Secondary review for this ticket is Done |
Looking at the configuration I see an ES and an LS output defined: outputs:
c83b92b0-1a4f-11ee-9969-4bbdb32e834c:
hosts:
- 54.163.27.249:5044
proxy_url: http://54.167.55.200:3128
ssl:
certificate: <REDACTED>
certificate_authorities: <REDACTED>
key: <REDACTED>
type: logstash
default:
api_key: <REDACTED>
hosts:
- https://0dd2580f6ca74c8784ca47d9767439a9.europe-west1.gcp.cloud.es.io:443
proxy_url: http://54.167.55.200:3128
type: elasticsearch The default ES output is only used for monitoring, the LS output is used for everything else. In state.yaml I see all of the LS output units are failed: - id: log-c83b92b0-1a4f-11ee-9969-4bbdb32e834c
state:
state: 2
message: 'Healthy: communicating with pid ''726'''
units:
? unittype: 0
unitid: log-c83b92b0-1a4f-11ee-9969-4bbdb32e834c-logfile-system-fa3b1444-a61e-457d-8bbd-95a7e3b73b72
: state: 1
message: Configuring
? unittype: 1
unitid: log-c83b92b0-1a4f-11ee-9969-4bbdb32e834c
: state: 4
message: 'could not start output: failed to reload output: more than one namespace
configured' This is the same problem as #2554, but how we got into this state appears to be different. Looking at the logs I see: {"log.level":"error","@timestamp":"2023-07-05T06:11:11.642Z","log.origin":{"file.name":"coordinator/coordinator.go","file.line":991},"message":"Unit state changed log-c83b92b0-1a4f-11ee-9969-4bbdb32e834c (STARTING->FAILED): could not start output: failed to reload output: proxy: unknown scheme: http accessing 'logstash'","log":{"source":"elastic-agent"},"component":{"id":"log-c83b92b0-1a4f-11ee-9969-4bbdb32e834c","state":"HEALTHY"},"unit":{"id":"log-c83b92b0-1a4f-11ee-9969-4bbdb32e834c","type":"output","state":"FAILED","old_state":"STARTING"},"ecs.version":"1.6.0"} The problem is that an HTTP proxy was configured for Logstash, Logstash only supports SOCKS5 proxies: |
@jlind23 @juliaElastic it might be worth putting a note in the Fleet UI that Logstash only supports SOCKS5 proxies, or to prevent configuring proxies that use the http or https schemes with Logstash. The error here is not very obvious as is, although I think it might improve once #2554 is fixed. I am going to close this because the behaviour is expected, we can reopen and transfer to Fleet if we want to adjust the wording here. |
@cmacknz it is already stated in the docs that only SOCK5 is usable - https://www.elastic.co/guide/en/fleet/current/logstash-output.html |
Kibana Build details:
Host OS and Browser version: All, All
Preconditions:
Steps to reproduce:
Expected:
New data should generate for logstash output with proxy server.
What's working fine
Screen Shot:
Debug Logs:
elastic-agent-diagnostics-2023-07-05T06-19-09Z-00.zip
The text was updated successfully, but these errors were encountered: