Lab4-4

AlexeyBY

Hello,
If I use as:
sudo docker run -d --name elasticsearch -p 9200:9200 -e "discovery.type=single-node"docker.elastic.co/elasticsearch/elasticsearch:7.12.0
curl 172.17.0.3:9200 ---> It's Ok

I got after fluentd --config ./fluent/fluentnginxelastic.conf :

2022-04-03 15:22:52 +0300 [error]: #0 config error file="./fluent/fluentnginxelastic.conf" error_class=Fluent::ConfigError error="Using Elasticsearch client 8.1.0 is not compatible for your Elasticsearch server. Please check your using elasticsearch gem version and Elasticsearch server."
2022-04-03 15:22:53 +0300 [error]: Worker 0 finished unexpectedly with status 2
2022-04-03 15:22:53 +0300 [info]: Received graceful stop

If I use as:
sudo docker run -d --name elasticsearch -p 9200:9200 -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch:8.1.0
curl 172.17.0.3:9200 --> curl: (52) Empty reply from server

I also got after fluentd --config ./fluent/fluentnginxelastic.conf
2022-04-03 15:58:04 +0300 [info]: starting fluentd-1.14.6 pid=15599 ruby="2.7.0"
2022-04-03 15:58:04 +0300 [info]: spawn command to main: cmdline=["/usr/bin/ruby2.7", "-Eascii-8bit:ascii-8bit", "/usr/local/bin/fluentd", "--config", "./fluent/fluentnginxelastic.conf", "--under-supervisor"]
2022-04-03 15:58:05 +0300 [info]: adding match pattern="nginx.**" type="elasticsearch"
The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product.
2022-04-03 15:58:08 +0300 [warn]: #0 Could not communicate to Elasticsearch, resetting connection and trying again. Connection refused - connect(2) for 172.17.0.3:9200 (Errno::ECONNREFUSED)
2022-04-03 15:58:08 +0300 [warn]: #0 Remaining retry: 14. Retry to communicate after 2 second(s).
The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product.
2022-04-03 15:58:12 +0300 [warn]: #0 Could not communicate to Elasticsearch, resetting connection and trying again. Connection refused - connect(2) for 172.17.0.3:9200 (Errno::ECONNREFUSED)
2022-04-03 15:58:12 +0300 [warn]: #0 Remaining retry: 13. Retry to communicate after 4 second(s).
The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product.
2022-04-03 15:58:20 +0300 [warn]: #0 Could not communicate to Elasticsearch, resetting connection and trying again. EOFError (EOFError)
2022-04-03 15:58:20 +0300 [warn]: #0 Remaining retry: 12. Retry to communicate after 8 second(s).

It seems like the version of plugin/elasticsearch/nginx incompatible.

BR,
Alexey

ChristianLacsina964

In this case you will have to install a specific version of the elasticsearch client plugin or try running a higher Elasticsearch version.

The high level steps would be:

• Remove the fluent-plugin-elasticsearch gem that was automatically installed
• Install fluent-plugin-elasticsearch version 5.0.5 (that is what was used in the text)

I will work out the specific commands and post it here within the day, thank you for the report.

joshl

I got a similar error:

The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product.
2022-05-13 22:54:07 +0000 [error]: #0 config error file="/home/ubuntu/labsys/lab4/lab4.conf" error_class=Fluent::ConfigError error="Using Elasticsearch client 8.2.0 is not compatible for your Elasticsearch server. Please check your using elasticsearch gem version and Elasticsearch server."
2022-05-13 22:54:07 +0000 [error]: Worker 0 finished unexpectedly with status 2

Is there an update to this lab 4-4 yet?

ChristianLacsina964

Not yet, though it will be addressed in the upcoming update.

For now, install version 5.0.5 with this command:

sudo fluent-gem install -N fluent-plugin-elasticsearch -v '=5.0.5'

joshl

I've uninstalled 5.2.2 and installed 5.0.5 and got this:

2022-05-14 08:59:47 +0000 [info]: parsing config file is succeeded path="/home/ubuntu/labsys/lab4/lab4.conf" 2022-05-14 08:59:47 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '5.0.5' 2022-05-14 08:59:47 +0000 [info]: gem 'fluent-plugin-mongo' version '1.5.0' 2022-05-14 08:59:47 +0000 [info]: gem 'fluent-plugin-nginx-error-multiline' version '0.2.0' 2022-05-14 08:59:47 +0000 [info]: gem 'fluentd' version '1.14.6' Traceback (most recent call last): 15: from /usr/local/bin/fluentd:23:in

'
14: from /usr/local/bin/fluentd:23:in load' 13: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/bin/fluentd:15:in'
12: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:72:in require' 11: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:72:inrequire'
10: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/command/fluentd.rb:356:in <top (required)>' 9: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/supervisor.rb:668:inrun_supervisor'
8: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/engine.rb:80:in run_configure' 7: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/engine.rb:105:inconfigure'
6: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/root_agent.rb:149:in configure' 5: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/agent.rb:64:inconfigure'
4: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/agent.rb:64:in each' 3: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/agent.rb:74:inblock in configure'
2: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/agent.rb:132:in add_match' 1: from /var/lib/gems/2.7.0/gems/fluentd-1.14.6/lib/fluent/plugin.rb:187:inconfigure'
/var/lib/gems/2.7.0/gems/fluent-plugin-elasticsearch-5.0.5/lib/fluent/plugin/out_elasticsearch.rb:416:in configure': uninitialized constant Elasticsearch::Transport::VERSION (NameError) Did you mean? Elasticsearch::VERSION

I've reinstalled 5.2.2 and got his.

The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product. 2022-05-14 09:43:32 +0000 [warn]: #0 Could not communicate to Elasticsearch, resetting connection and trying again. Connection refused - connect(2) for 172.17.0.3:9200 (Errno::ECONNREFUSED) 2022-05-14 09:43:32 +0000 [warn]: #0 Remaining retry: 14. Retry to communicate after 2 second(s). The client is unable to verify that the server is Elasticsearch. Some functionality may not be compatible if the server is running an unsupported product. 2022-05-14 09:43:36 +0000 [warn]: #0 Could not communicate to Elasticsearch, resetting connection and trying again. Connection refused - connect(2) for 172.17.0.3:9200 (Errno::ECONNREFUSED) 2022-05-14 09:43:36 +0000 [warn]: #0 Remaining retry: 13. Retry to communicate after 4 second(s).

ChristianLacsina964

Finally got it to work by installing the v7.13.3 elasticsearch and elasticsearch-transport gems alongside fluent-plugin-elasticsearch v5.0.5:

~$ sudo fluent-gem uninstall elasticsearch elasticsearch-transport fluent-plugin-elasticsearch

~$ sudo fluent-gem install elasticsearch -v 7.13.3

...

~$ sudo fluent-gem install elasticsearch-transport -v 7.13.3

...

~$ sudo fluent-gem install fluent-plugin-elasticsearch -v 5.0.5

...

~$

With the following config:

<source>
  @type tail
  <parse>
    @type nginx
  </parse>
  path /tmp/lab4/nginx/access.log
  pos_file /tmp/lab4/nginx/access.pos
  tag nginx.access
</source>

<source>
  @type tail
  path /tmp/lab4/nginx/error.log
  pos_file /tmp/lab4/nginx/error.pos
  tag nginx.error
  <parse>
    @type nginx_error_multiline
  </parse>
</source>

<match nginx.**>
  @type elasticsearch
  host 172.17.0.3
  port 9200
</match>

It ran successfully:

~$ fluentd -c ~/lab4/lab4.conf

2022-05-14 16:26:05 +0000 [info]: parsing config file is succeeded path="/home/ubuntu/lab4.conf"
2022-05-14 16:26:05 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '5.0.5'
2022-05-14 16:26:05 +0000 [info]: gem 'fluent-plugin-nginx-error-multiline' version '0.2.0'
2022-05-14 16:26:05 +0000 [info]: gem 'fluentd' version '1.14.6'
2022-05-14 16:26:06 +0000 [info]: using configuration file: <ROOT>
  <source>
    @type tail
    path "/tmp/lab4/nginx/access.log"
    pos_file "/tmp/lab4/nginx/access.pos"
    tag "nginx.access"
    <parse>
      @type "nginx"
      unmatched_lines 
    </parse>
  </source>
  <source>
    @type tail
    path "/tmp/lab4/nginx/error.log"
    pos_file "/tmp/lab4/nginx/error.pos"
    tag "nginx.error"
    <parse>
      @type "nginx_error_multiline"
      unmatched_lines 
      format1 /^(?<time>\d{4}\/\d{2}\/\d{2} \d{2}:\d{2}:\d{2}) \[(?<log_level>\w+)\] (?<pid>\d+).(?<tid>\d+): (?<message>.*)/
    </parse>
  </source>
  <match nginx.**>
    @type elasticsearch
    host "127.0.0.1"
    port 9200
  </match>
</ROOT>
2022-05-14 16:26:06 +0000 [info]: starting fluentd-1.14.6 pid=759509 ruby="2.7.0"
2022-05-14 16:26:06 +0000 [info]: spawn command to main:  cmdline=["/usr/bin/ruby2.7", "-Eascii-8bit:ascii-8bit", "/usr/local/bin/fluentd", "-c", "/home/ubuntu/lab4.conf", "--under-supervisor"]
2022-05-14 16:26:06 +0000 [info]: adding match pattern="nginx.**" type="elasticsearch"
2022-05-14 16:26:07 +0000 [warn]: #0 Detected ES 7.x: `_doc` will be used as the document `_type`.
2022-05-14 16:26:07 +0000 [info]: adding source type="tail"
2022-05-14 16:26:07 +0000 [info]: adding source type="tail"
2022-05-14 16:26:07 +0000 [info]: #0 starting fluentd worker pid=759514 ppid=759509 worker=0
2022-05-14 16:26:07 +0000 [info]: #0 following tail of /tmp/lab4/nginx/error.log
2022-05-14 16:26:07 +0000 [info]: #0 following tail of /tmp/lab4/nginx/access.log
2022-05-14 16:26:07 +0000 [info]: #0 fluentd worker is now running worker=0

joshl

Thanks @ChristianLacsina964 ! That works. However, it came with this warning:

warning: 299 Elasticsearch-7.13.3-5d21bea28db1e89ecc1f66311ebdec9dc3aa7d64 "Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone. See https://www.elastic.co/guide/en/elasticsearch/reference/7.13/security-minimal-setup.html to enable security."