I'm trying to install and setup elk but I have a problem in logstash:
[logstash.inputs.tcp][main]/172.16.12.208:56356: initialized channel
[logstash.instrument.periodicpoller.jvm] collector name {:name=>"G1 Young Generation"}
[logstash.inputs.tcp][main][9f02679e3a94122f404c6d9ebecfc0a350eb8573ba6504ea31cd6cefee9e3d74] /172.16.12.208:56356: closing
java.net.SocketException: Connection reset
at sun.nio.ch.SocketChannelImpl.throwConnectionReset(SocketChannelImpl.java:394) ~[?:?]
at sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:426) ~[?:?]
at io.netty.buffer.PooledByteBuf.setBytes(PooledByteBuf.java:256) ~[netty-buffer-4.1.94.Final.jar:4.1.94.Final]
at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1132) ~[netty-buffer-4.1.94.Final.jar:4.1.94.Final]
at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:357) ~[netty-transport-4.1.94.Final.jar:4.1.94.Final]
this is my logstash.config:
input {
tcp {
port => 5000
codec => "json"
}
}
172.16.12.208 is the ip address of the client application. Also, i disabled the ecs_compatibility in logstash.yml (i know it disable the data stream):
pipeline.ecs_compatibility: disabled
After some research i found that this is a bug in logstash: https://github.com/elastic/logstash/issues/15407
I downloaded the newest version of ELK and it works perfect.