Search code examples
elasticsearchlogstashelastic-stacklogstash-configuration

Logstash docker image, creating default output I can't override

I am creating a docker image using this Dockerfile

FROM docker.elastic.co/logstash/logstash:5.5.0
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
RUN /usr/share/logstash/bin/logstash-plugin install logstash-filter-clone

and running this image using : 

docker build -t y:y - < ./Dockerfile

and running it using : 

docker run -it --rm -v "$PWD":/config-dir y1:y1 -f /config-dir/logstash.conf

while this is the logstash.yml

input{
        exec{
                command=>'curl -k -i -u admin:admin -s https://some.url'
                interval=>10
                codec=>"json"
                type=>"curl"
        }
} 
output {
 stdout { codec => rubydebug }
 }

my problem is that docker from unknown reason also running there something with elasticsearch output plugin which i cant override

2017-10-18T11:02:33,196][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@elasticsearch:9200/, :path=>"/"}
[2017-10-18T11:02:33,209][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}
[2017-10-18T11:02:33,299][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://logstash_system:xxxxxx@elasticsearch:9200/, :path=>"/"}
[2017-10-18T11:02:33,311][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@elasticsearch:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch"}

I tried exec into the container and find out where this configuration exist but failed, I struggle to understand where this elastic search output plugin is configured and how to disable it?

Solution

  • You need to disable the XPack monitoring bit. Logstash tries to send health information to ES but it can't find it.

    Simply add this to your Dockerfile:

    ENV XPACK_MONITORING_ENABLED=false