
Logstash output to Elasticsearch on AWS EC2

I'm having trouble configuring logstash to output to an Elasticsearch cluster on AWS EC2.

I'm using Logstash version 1.1.5 and Elasticsearch 1.19.8.

This is my output configuration in logstash:

output {
  stdout { debug => true debug_format => "json"}
  elasticsearch {
    cluster => "logstash-searcher"
    node_name => "logstash-indexer"
  }
}

and this is the corresponding configuration in elasticsearch.yml

cluster.name: logstash-searcher
path.data: /usr/local/elasticsearch/data
path.work: /usr/local/elasticsearch/tmp
path.logs: /usr/local/elasticsearch/logs
path.plugins: /usr/local/elasticsearch/plugins
bootstrap.mlockall: true
cloud.aws.region: eu-west-1
cloud.aws.access_key: --
cloud.aws.secret_key: --
discovery.type: ec2
discovery.ec2.host_type: public_ip
discovery.ec2.groups: elasticsearch
gateway.type: s3
gateway.s3.bucket: es-logstash

transport.tcp.port: 9300-9400

I start logstash using:

java -jar logstash-1.1.5-monolithic.jar agent -f shipper.conf

And after a while of startup I get these failures:

Failed to index an event, will retry {:exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m], 

My suspicion is that logstash needs to use something like the cloud-aws for its elasticsearch client to be able to find the cluster. Does anyone have an example configuration that works on aws?

asked Dec 21 '12 12:12

JonasL


People also ask

How do I send Logstash output to Elasticsearch?

Create a configuration file named /etc/logstash/conf.d/30-elasticsearch-output.conf that designates that output should be sent to our Elasticsearch cluster. Note that no AWS credentials (AWS AccessKey or SecretKey) are needed in the configuration, since temporary credentials are available via the IAM Role for EC2.

How do I get Kibana log data into ElasticSearch?

If you plan to use the Kibana web interface, use the Elasticsearch output plugin to get your log data into Elasticsearch. You can run Elasticsearch on your own hardware, or use our hosted Elasticsearch Service on Elastic Cloud. The Elasticsearch Service is available on both AWS and GCP.

What is the default Elasticsearch output config for AWS?

In the simplest case where your ES cluster on AWS is open to the world, you can have a simple elasticsearch output config like this:

output {
  elasticsearch {
    hosts => 'search-xxxxxxxxxxxx.us-west-2.es.amazonaws.com:80'
  }
}

output {
  elasticsearch {
    host => 'search-xxxxxxxxxxxx.us-west-2.es.amazonaws.com'
    port => 80
    protocol => 'http'
  }
}

What is the output plugin for Logstash?

The output plugin will handle the SigV4 signing necessary to interact with the Amazon Elasticsearch domain.

sudo /opt/logstash/bin/plugin install logstash-output-amazon_es


1 Answer

The problem is that the embedded elasticsearch instance of logstash was using its default discovery mode. Since the elasticsearch cluster is configured with cloud-aws the embedded elasticsearch of logstash needs to as well.

To do that you have to add an elasticsearch.yml configuration file to the working directory of logstash. You also need to supply the cloud-aws plugin by adding it to the class path.

java -cp logstash-1.1.7-monolithic.jar:cloud-aws/* logstash.runner agent -f shipper.conf

Using this configuration I managed to get logstash to output to my elasticsearch cluster.

answered Oct 13 '22 07:10

JonasL
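
The step described in the answer, as an added example that is not part of the original post: it writes a client-side elasticsearch.yml into the Logstash working directory with owner-only permissions, because the file holds the AWS secret key. The environment variable names, the two function names and the choice of which settings to copy from the cluster's file are assumptions.

```shell
#!/bin/sh
# Added example: write the client-side elasticsearch.yml that Logstash's
# embedded Elasticsearch node picks up from its working directory.
# ES_AWS_ACCESS_KEY / ES_AWS_SECRET_KEY are hypothetical variable names.
# Assumption: the client needs the cluster name plus the cloud.aws.* and
# discovery.* settings from the cluster's file; path.* and gateway.* are
# left to the data nodes.

write_client_es_yml() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    if [ -z "${ES_AWS_ACCESS_KEY:-}" ] || [ -z "${ES_AWS_SECRET_KEY:-}" ]; then
        echo "ES_AWS_ACCESS_KEY and ES_AWS_SECRET_KEY must be set" >&2
        return 1
    fi
    (
        umask 077                          # new file is created as 0600
        rm -f "$dir/elasticsearch.yml"     # drop a stale copy with looser modes
        cat > "$dir/elasticsearch.yml" <<EOF
cluster.name: logstash-searcher
cloud.aws.region: eu-west-1
cloud.aws.access_key: ${ES_AWS_ACCESS_KEY}
cloud.aws.secret_key: ${ES_AWS_SECRET_KEY}
discovery.type: ec2
discovery.ec2.host_type: public_ip
discovery.ec2.groups: elasticsearch
EOF
    ) || return 1
}

# Succeeds only if the file is a regular file readable and writable by
# its owner and by nobody else.
secret_file_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Usage, from the directory Logstash is started in:
#   write_client_es_yml . && secret_file_is_private ./elasticsearch.yml
#   java -cp logstash-1.1.7-monolithic.jar:cloud-aws/* logstash.runner agent -f shipper.conf
```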