I have the four containers (Elastic search (8.10.2), Logstash, Kibana, and my application container) running on my local machine and the application is configured to forward logs to Logstash. I was previously using UDP to forward the logs on port 9600 and wanting to change to TCP, but facing some issues in doing so.
Here's my logstash.conf:
input {
tcp {
port => 9600
}
}
output {
elasticsearch {
hosts => ["http://elasticsearch:9200"]
index => "titan-%{+YYYY-MM-dd}"
ilm_enabled => "true"
ilm_rollover_alias => "myapp"
ilm_pattern => "{now/d}-000001"
ilm_policy => "myapp-policy"
user => "elastic"
password => <elastic-password>
}
}
Logstash service:
Logstash:
image: logstash:8.10.2
container_name: logstash
restart: always
volumes:
- ./logstash/:/logstash_dir
command: logstash -f /logstash_dir/logstash.conf
depends_on:
- Elasticsearch
ports:
- '9600:9600'
environment:
LS_JAVA_OPTS: "-Xmx512m -Xms512m"
docker-compose of the application:
logging:
driver: syslog
options:
syslog-address: "tcp://localhost:9600"
With the above configuration I'm able to see the index but not getting any data.
Also, the Logstash container throws the following error
warning: thread "[main]<tcp" terminated with exception (report_on_exception is true):
ArgumentError: wrong number of arguments (given 2, expected 0..1)
translate at /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/i18n-1.14.1/lib/i18n.rb:210
inputworker at /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:427
start_input at /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:405
What is it that I'm doing wrong or missing?
A fix for this issue has been merged in github. Also this. If you are running 8.10.x you can downgrade to 8.9.x or upgrade to 8.11.x.
It is related to the JRuby update in 8.10. The i18n code has extensive comments about how calls to the .t alias will fail in different versions of ruby. The call is here.