Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem with logstash after upgrade #112

Open
Brainmoustache opened this issue Apr 19, 2018 · 12 comments
Open

Problem with logstash after upgrade #112

Brainmoustache opened this issue Apr 19, 2018 · 12 comments

Comments

@Brainmoustache
Copy link

After the upgrade of Selks distro (to 4.1) logstash have trouble to restart.
I do not get any alert and traffic values on the kibana dashboard.

This is the error in the log file :

[2018-04-19T08:27:00,017][ERROR][logstash.pipeline ] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash. {"exception"=>"undefined method tr' for -73.6992:Float", "backtrace"=>["/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:344:in convert_float'", "org/jruby/RubyMethod.java:120:in call'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:309:in convert'", "org/jruby/RubyArray.java:2414:in map'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:309:in convert'", "org/jruby/RubyHash.java:1342:in each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:299:in convert'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:252:in filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:145:in do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:164:in multi_filter'", "org/jruby/RubyArray.java:1613:in each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:161:in multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filter_delegator.rb:46:in multi_filter'", "(eval):833:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):829:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):847:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):844:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):863:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):858:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):311:in filter_func'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:398:in filter_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:379:in worker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:342:in start_workers'"]}
[2018-04-19T08:27:00,024][ERROR][logstash.pipeline ] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash. {"exception"=>"undefined method tr' for -73.6992:Float", "backtrace"=>["/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:344:in convert_float'", "org/jruby/RubyMethod.java:120:in call'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:309:in convert'", "org/jruby/RubyArray.java:2414:in map'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:309:in convert'", "org/jruby/RubyHash.java:1342:in each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:299:in convert'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:252:in filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:145:in do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:164:in multi_filter'", "org/jruby/RubyArray.java:1613:in each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:161:in multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filter_delegator.rb:46:in multi_filter'", "(eval):833:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):829:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):847:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):844:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):863:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):858:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):311:in filter_func'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:398:in filter_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:379:in worker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:342:in start_workers'"]}
[2018-04-19T08:27:00,218][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<NoMethodError: undefined method tr' for -73.6992:Float>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:344:in convert_float'", "org/jruby/RubyMethod.java:120:in call'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:309:in convert'", "org/jruby/RubyArray.java:2414:in map'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:309:in convert'", "org/jruby/RubyHash.java:1342:in each'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:299:in convert'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-mutate-3.3.1/lib/logstash/filters/mutate.rb:252:in filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:145:in do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:164:in multi_filter'", "org/jruby/RubyArray.java:1613:in each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:161:in multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filter_delegator.rb:46:in multi_filter'", "(eval):833:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):829:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):847:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):844:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):863:in initialize'", "org/jruby/RubyArray.java:1613:in each'", "(eval):858:in initialize'", "org/jruby/RubyProc.java:281:in call'", "(eval):311:in filter_func'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:398:in filter_batch'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:379:in worker_loop'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:342:in start_workers'"]}
@pevma
Copy link
Member

pevma commented Apr 19, 2018

How did you upgrade ?

@Brainmoustache
Copy link
Author

With the upgrade script locate in the /opt/selks/Script/Setup/selks-upgrade_stamus.sh
I tried the process with saying yes and no to logstash upgrade.
Both upgrade didn't work.

@pevma
Copy link
Member

pevma commented Apr 19, 2018

That was a regular upgrade right ? aka not SELKS 3 to SELKS 4 for example ?

What is the output of dpkg -l |grep logstash ?

@Brainmoustache
Copy link
Author

It's was a regular upgrade.
Following is the result of the command dpkg -l | grep logstash:

ii logstash 1:5.6.9-1 all An extensible logging pipeline

@dgrgicevic
Copy link

dgrgicevic commented Apr 19, 2018 via email

@Brainmoustache
Copy link
Author

Problem solved.
Thank you.

@pevma
Copy link
Member

pevma commented Apr 19, 2018

Thanks for the feedback!
Is this the fix - lower version install or the fix is to reinstall the plugin ?

@dgrgicevic
Copy link

dgrgicevic commented Apr 19, 2018 via email

@Brainmoustache
Copy link
Author

The fix is to lower the version install.

@pevma
Copy link
Member

pevma commented Apr 19, 2018
edited
Loading

Seems the other fix that I have found currently is to change the mutate statements form float to float_eu in /etc/logstash/conf.d/logstash.conf like so :

  if [src_ip]  {
    geoip {
      source => "src_ip" 
      target => "geoip" 
      #database => "/opt/logstash/vendor/geoip/GeoLiteCity.dat" 
      add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
      add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
    }
    mutate {
      convert => [ "[geoip][coordinates]", "float_eu" ]
    }
    if ![geoip.ip] {
      if [dest_ip]  {
        geoip {
          source => "dest_ip"
          target => "geoip"
          #database => "/opt/logstash/vendor/geoip/GeoLiteCity.dat"
          add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
          add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
        }
        mutate {
          convert => [ "[geoip][coordinates]", "float_eu" ]
        }
      }
    }
  }
}

based on the chnages in 5.6.9 that are described here - https://www.elastic.co/guide/en/logstash/current/plugins-filters-mutate.html#plugins-filters-mutate-convert

Feedback is appreciated !!

@pevma pevma mentioned this issue Apr 20, 2018
Open
@tmarvi tmarvi mentioned this issue May 1, 2018
Closed
@Nimdy
Copy link

Nimdy commented May 4, 2018

wow, I have been bashing my face in for awhile now...

When will this be added to the wiki for steps to take after install?

I downloaded the ISO from the website, ran the updates, restarted.... nothing worked! Then I finally found this and everything works!

@pevma
Copy link
Member

pevma commented May 4, 2018

It is updated here now - https://github.com/StamusNetworks/SELKS/wiki/Logstash-5.6.9-breaking-upgrade

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pevma @Nimdy @dgrgicevic @Brainmoustache