deviantony / docker-elk

The Elastic stack (ELK) powered by Docker and Compose.
MIT License

Logstash shutdown with Code 0 #981

Closed dileep9490 closed 4 months ago

dileep9490 commented 4 months ago

Problem description

I've cloned the repo without changing the default settings and did `docker compose up`; it worked. Then I changed my Logstash config file's input to take stdin and added stdout to the output. Now Logstash is starting up and shutting down continuously.

Stack configuration


input {
    stdin { }
}

## Add your filters / logstash plugins configuration here

output {
    stdout { codec => rubydebug }
    elasticsearch {
        hosts => "elasticsearch:9200"
        user => "logstash_internal"
        password => "${LOGSTASH_INTERNAL_PASSWORD}"
    }
}

Docker setup

$ docker version

Client:
 Cloud integration: v1.0.35
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:51:16 2023
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

Server: Docker Desktop 4.21.1 (114176)
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:50:59 2023
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
$ docker-compose version

Docker Compose version v2.19.1

Container logs

$ docker-compose logs

docker-elk-logstash-1       | Using bundled JDK: /usr/share/logstash/jdk
docker-elk-logstash-1       | /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_int
docker-elk-logstash-1       | /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_f
docker-elk-logstash-1       | Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
docker-elk-logstash-1       | [2024-05-01T06:00:31,217][INFO ][logstash.runner          ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
docker-elk-logstash-1       | [2024-05-01T06:00:31,219][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"8.13.2", "jruby.version"=>"jruby 9.4.5.0 (3.1.4) 2023-11-02 1abae2700f OpenJDK 64-Bit Server VM 17.0.10+7 on 17.0.10+7 +indy +jit [aarch64-linux]"}
docker-elk-logstash-1       | [2024-05-01T06:00:31,220][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Dlogstash.jackson.stream-read-constraints.max-string-length=200000000, -Dlogstash.jackson.stream-read-constraints.max-number-length=10000, -Dls.cgroup.cpuacct.path.override=/, -Dls.cgroup.cpu.path.override=/, -Xms256m, -Xmx256m, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED, -Dio.netty.allocator.maxOrder=11]
docker-elk-logstash-1       | [2024-05-01T06:00:31,221][INFO ][logstash.runner          ] Jackson default value override `logstash.jackson.stream-read-constraints.max-string-length` configured to `200000000`
docker-elk-logstash-1       | [2024-05-01T06:00:31,221][INFO ][logstash.runner          ] Jackson default value override `logstash.jackson.stream-read-constraints.max-number-length` configured to `10000`
docker-elk-logstash-1       | [2024-05-01T06:00:31,551][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
docker-elk-logstash-1       | [2024-05-01T06:00:31,654][INFO ][org.reflections.Reflections] Reflections took 69 ms to scan 1 urls, producing 132 keys and 468 values
docker-elk-logstash-1       | [2024-05-01T06:00:31,718][INFO ][logstash.javapipeline    ] Pipeline `main` is configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this pipeline will default to `ecs_compatibility => v8` unless explicitly configured otherwise.
docker-elk-logstash-1       | [2024-05-01T06:00:31,724][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//elasticsearch:9200"]}
docker-elk-logstash-1       | [2024-05-01T06:00:31,777][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://logstash_internal:xxxxxx@elasticsearch:9200/]}}
docker-elk-logstash-1       | [2024-05-01T06:00:31,858][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://logstash_internal:xxxxxx@elasticsearch:9200/"}
docker-elk-logstash-1       | [2024-05-01T06:00:31,859][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (8.13.2) {:es_version=>8}
docker-elk-logstash-1       | [2024-05-01T06:00:31,859][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
docker-elk-logstash-1       | [2024-05-01T06:00:31,871][INFO ][logstash.outputs.elasticsearch][main] Data streams auto configuration (`data_stream => auto` or unset) resolved to `true`
docker-elk-logstash-1       | [2024-05-01T06:00:31,886][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/usr/share/logstash/pipeline/logstash.conf"], :thread=>"#<Thread:0xe495347 /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
docker-elk-logstash-1       | [2024-05-01T06:00:32,087][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>0.2}
docker-elk-logstash-1       | [2024-05-01T06:00:32,097][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
docker-elk-logstash-1       | [2024-05-01T06:00:32,108][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
docker-elk-logstash-1       | [2024-05-01T06:00:32,876][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main"}
docker-elk-logstash-1       | [2024-05-01T06:00:33,122][INFO ][logstash.pipelinesregistry] Removed pipeline from registry successfully {:pipeline_id=>:main}
docker-elk-logstash-1       | [2024-05-01T06:00:33,134][INFO ][logstash.runner          ] Logstash shut down.
docker-elk-logstash-1 exited with code 0

antoineco commented 4 months ago

My assumption is that there is nothing redirected or piped to Logstash's standard input. This is expected because compose up isn't interactive (it doesn't attach to the containers' stdin). In this case, the input is essentially always closed, which probably causes Logstash to terminate.

You could try adding tty: true to the logstash service inside the Compose file, which will allow you to later attach to the Logstash container.
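
One way to triage a log capture like the one in the report above, as an added example that is not part of the docker-elk project or of this thread: a small Python parser (all function names and the shortened sample lines are constructed here, modelled on the compose log format shown above) that extracts the pipeline lifecycle and flags a clean shutdown seconds after start, which is the closed-stdin signature described in this comment.

```python
import re
from datetime import datetime

# Fields of a Logstash log line as it appears in `docker compose logs`, e.g.
# "[2024-05-01T06:00:32,097][INFO ][logstash.javapipeline    ][main] Pipeline started {...}"
LS_LINE = re.compile(
    r"\[(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3})\]"
    r"\[(?P<level>[A-Z]+)\s*\]"
    r"\[(?P<logger>[^\]]+)\]"
    r"(?:\[(?P<pipeline>[^\]]+)\])?\s*(?P<msg>.*)$"
)
# Compose prints this when a container's main process exits.
EXIT_LINE = re.compile(r"exited with code (?P<code>\d+)\s*$")

# Constructed sample, shortened from the format of the report above.
SAMPLE_LOG = """\
docker-elk-logstash-1       | [2024-05-01T06:00:31,886][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main"}
docker-elk-logstash-1       | [2024-05-01T06:00:32,097][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
docker-elk-logstash-1       | [2024-05-01T06:00:32,108][INFO ][logstash.agent           ] Pipelines running {:count=>1}
docker-elk-logstash-1       | [2024-05-01T06:00:32,876][INFO ][logstash.javapipeline    ][main] Pipeline terminated {"pipeline.id"=>"main"}
docker-elk-logstash-1       | [2024-05-01T06:00:33,134][INFO ][logstash.runner          ] Logstash shut down.
docker-elk-logstash-1 exited with code 0
""".splitlines()


def _strip_prefix(line):
    # Compose prefixes every line with "<container name> | ".
    return line.split(" | ", 1)[1] if " | " in line else line


def _parse_ts(ts):
    # Logstash uses a comma before the milliseconds; %f accepts 3 digits.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S,%f")


def analyze_logstash_logs(lines, max_uptime_seconds=5.0):
    """Summarise the pipeline lifecycle visible in a compose log capture.

    Returns the pipeline start/terminate timestamps, the uptime in seconds,
    the container exit code (when the "exited with code" line is present),
    the number of ERROR/FATAL lines and a short diagnosis string.
    """
    started = terminated = None
    exit_code = None
    errors = 0
    for raw in lines:
        text = _strip_prefix(raw.rstrip("\n"))
        m = EXIT_LINE.search(text)
        if m:
            exit_code = int(m.group("code"))
            continue
        m = LS_LINE.match(text)
        if not m:
            continue  # JVM warnings, banner lines, other services
        if m.group("level") in ("ERROR", "FATAL"):
            errors += 1
        msg = m.group("msg")
        if msg.startswith("Pipeline started"):
            started = _parse_ts(m.group("ts"))
        elif msg.startswith("Pipeline terminated"):
            terminated = _parse_ts(m.group("ts"))

    uptime = (terminated - started).total_seconds() if started and terminated else None
    if started and not terminated:
        diagnosis = "pipeline running"
    elif errors:
        diagnosis = "pipeline stopped after errors; inspect the ERROR/FATAL lines"
    elif uptime is not None and uptime <= max_uptime_seconds and exit_code in (None, 0):
        # No error, exit code 0, and the pipeline lived for well under a few
        # seconds: the only input most likely hit EOF (stdin not attached).
        diagnosis = ("clean shutdown seconds after start with no errors: "
                     "the input probably reached EOF, e.g. stdin closed because "
                     "the container was not started with a TTY or an open stdin")
    else:
        diagnosis = "clean shutdown; check the input plugin configuration"
    return {"started": started, "terminated": terminated, "uptime_seconds": uptime,
            "exit_code": exit_code, "error_lines": errors, "diagnosis": diagnosis}


if __name__ == "__main__":
    for key, value in analyze_logstash_logs(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```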

dileep9490 commented 4 months ago

I've updated my Docker Compose file, and this is my docker-compose.yml contents:

Docker Compose

version: "3.7"

services:
  # The 'setup' service runs a one-off script which initializes users inside
  # Elasticsearch — such as 'logstash_internal' and 'kibana_system' — with the
  # values of the passwords defined in the '.env' file. It also creates the
  # roles required by some of these users.
  #
  # This task only needs to be performed once, during the *initial* startup of
  # the stack. Any subsequent run will reset the passwords of existing users to
  # the values defined inside the '.env' file, and the built-in roles to their
  # default permissions.
  #
  # By default, it is excluded from the services started by 'docker compose up'
  # due to the non-default profile it belongs to. To run it, either provide the
  # '--profile=setup' CLI flag to Compose commands, or "up" the service by name
  # such as 'docker compose up setup'.
  setup:
    profiles:
      - setup
    build:
      context: setup/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    init: true
    volumes:
      - ./setup/entrypoint.sh:/entrypoint.sh:ro,Z
      - ./setup/lib.sh:/lib.sh:ro,Z
      - ./setup/roles:/roles:ro,Z
    environment:
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
      METRICBEAT_INTERNAL_PASSWORD: ${METRICBEAT_INTERNAL_PASSWORD:-}
      FILEBEAT_INTERNAL_PASSWORD: ${FILEBEAT_INTERNAL_PASSWORD:-}
      HEARTBEAT_INTERNAL_PASSWORD: ${HEARTBEAT_INTERNAL_PASSWORD:-}
      MONITORING_INTERNAL_PASSWORD: ${MONITORING_INTERNAL_PASSWORD:-}
      BEATS_SYSTEM_PASSWORD: ${BEATS_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch

  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,Z
      - elasticsearch:/usr/share/elasticsearch/data:Z
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      node.name: elasticsearch
      ES_JAVA_OPTS: -Xms512m -Xmx512m
      # Bootstrap password.
      # Used to initialize the keystore during the initial startup of
      # Elasticsearch. Ignored on subsequent runs.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk
    restart: unless-stopped

  logstash:
    tty: true
    build:
      context: logstash/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
      - ./logstash/pipeline:/usr/share/logstash/pipeline:ro,Z
    ports:
      - 5044:5044
      - 50000:50000/tcp
      - 50000:50000/udp
      - 9600:9600
    environment:
      LS_JAVA_OPTS: -Xms256m -Xmx256m
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch
    restart: unless-stopped

  kibana:
    build:
      context: kibana/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,Z
    ports:
      - 5601:5601
    environment:
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch
    restart: unless-stopped

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:

I'm getting an ECONNREFUSED error in the logs. When I gave my input to stdin, it didn't print out or push it to Elasticsearch.

Logstash config file

input {
    stdin { }
}

## Add your filters / logstash plugins configuration here

output {
    stdout { codec => rubydebug }
    elasticsearch {
        hosts => "elasticsearch:9200"
        user => "logstash_internal"
        index => "test"
        password => "${LOGSTASH_INTERNAL_PASSWORD}"
    }
}

Console output

[+] Running 3/0
 ✔ Container docker-elk-elasticsearch-1  Created                                                                                                 0.0s
 ✔ Container docker-elk-kibana-1         Created                                                                                                 0.0s
 ✔ Container docker-elk-logstash-1       Created                                                                                                 0.0s
Attaching to docker-elk-elasticsearch-1, docker-elk-kibana-1, docker-elk-logstash-1
docker-elk-logstash-1       | Using bundled JDK: /usr/share/logstash/jdk
docker-elk-kibana-1         | Kibana is currently running with legacy OpenSSL providers enabled! For details and instructions on how to disable see https://www.elastic.co/guide/en/kibana/8.13/production.html#openssl-legacy-provider
docker-elk-kibana-1         | {"log.level":"info","@timestamp":"2024-05-01T08:08:20.387Z","log.logger":"elastic-apm-node","ecs.version":"8.10.0","agentVersion":"4.4.0","env":{"pid":7,"proctitle":"/usr/share/kibana/bin/../node/bin/node","os":"linux 5.15.49-linuxkit-pr","arch":"arm64","host":"6d00f1629e05","timezone":"UTC+00","runtime":"Node.js v20.12.1"},"config":{"active":{"source":"start","value":true},"breakdownMetrics":{"source":"start","value":false},"captureBody":{"source":"start","value":"off","commonName":"capture_body"},"captureHeaders":{"source":"start","value":false},"centralConfig":{"source":"start","value":false},"contextPropagationOnly":{"source":"start","value":true},"environment":{"source":"start","value":"production"},"globalLabels":{"source":"start","value":[["kibana_uuid","5a5fb042-492a-4da1-ad1d-e8677c159c96"],["git_rev","d4d06bdf0d1d5dcb4532f00d2cbaa83fc61bb877"]],"sourceValue":{"kibana_uuid":"5a5fb042-492a-4da1-ad1d-e8677c159c96","git_rev":"d4d06bdf0d1d5dcb4532f00d2cbaa83fc61bb877"}},"logLevel":{"source":"default","value":"info","commonName":"log_level"},"metricsInterval":{"source":"start","value":120,"sourceValue":"120s"},"serverUrl":{"source":"start","value":"https://kibana-cloud-apm.apm.us-east-1.aws.found.io/","commonName":"server_url"},"transactionSampleRate":{"source":"start","value":0.1,"commonName":"transaction_sample_rate"},"captureSpanStackTraces":{"source":"start","sourceValue":false},"secretToken":{"source":"start","value":"[REDACTED]","commonName":"secret_token"},"serviceName":{"source":"start","value":"kibana","commonName":"service_name"},"serviceVersion":{"source":"start","value":"8.13.2","commonName":"service_version"}},"activationMethod":"require","message":"Elastic APM Node.js Agent v4.4.0"}
docker-elk-kibana-1         | Native global console methods have been overridden in production environment.
docker-elk-kibana-1         | [2024-05-01T08:08:21.190+00:00][INFO ][root] Kibana is starting
docker-elk-kibana-1         | [2024-05-01T08:08:21.234+00:00][INFO ][node] Kibana process configured with roles: [background_tasks, ui]
docker-elk-elasticsearch-1  | May 01, 2024 8:08:22 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
docker-elk-elasticsearch-1  | WARNING: COMPAT locale provider will be removed in a future release
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:22.612Z", "log.level": "INFO", "message":"Using [jdk] native provider and native methods for [Linux]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.nativeaccess.NativeAccess","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:23.025Z", "log.level": "INFO", "message":"Java vector incubator API enabled; uses preferredBitSize=128; FMA enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.apache.lucene.internal.vectorization.PanamaVectorizationProvider","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:23.438Z", "log.level": "INFO", "message":"version[8.13.2], pid[119], build[docker/16cc90cd2d08a3147ce02b07e50894bc060a4cbf/2024-04-05T14:45:26.420424304Z], OS[Linux/5.15.49-linuxkit-pr/aarch64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/21.0.2/21.0.2+13-58]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:23.438Z", "log.level": "INFO", "message":"JVM home [/usr/share/elasticsearch/jdk], using bundled JDK [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:23.438Z", "log.level": "INFO", "message":"JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=org.elasticsearch.preallocate, --enable-native-access=org.elasticsearch.nativeaccess, -Des.cgroups.hierarchy.override=/, -XX:ReplayDataFile=logs/replay_pid%p.log, -Des.distribution.type=docker, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-7337472918440198748, --add-modules=jdk.incubator.vector, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, --module-path=/usr/share/elasticsearch/lib, --add-modules=jdk.net, --add-modules=ALL-MODULE-PATH, -Djdk.module.main=org.elasticsearch.server]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:23.438Z", "log.level": "INFO", "message":"Default Locale [en_US]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-logstash-1       | /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_int
docker-elk-logstash-1       | /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/concurrent-ruby-1.1.9/lib/concurrent-ruby/concurrent/executor/java_thread_pool_executor.rb:13: warning: method redefined; discarding old to_f
docker-elk-kibana-1         | [2024-05-01T08:08:25.898+00:00][INFO ][plugins-service] The following plugins are disabled: "cloudChat,cloudExperiments,cloudFullStory,profilingDataAccess,profiling,securitySolutionServerless,serverless,serverlessObservability,serverlessSearch".
docker-elk-kibana-1         | [2024-05-01T08:08:25.956+00:00][INFO ][http.server.Preboot] http server running at http://0.0.0.0:5601
docker-elk-kibana-1         | [2024-05-01T08:08:26.034+00:00][INFO ][plugins-system.preboot] Setting up [1] plugins: [interactiveSetup]
docker-elk-kibana-1         | [2024-05-01T08:08:26.109+00:00][WARN ][config.deprecation] The default mechanism for Reporting privileges will work differently in future versions, which will affect the behavior of this cluster. Set "xpack.reporting.roles.enabled" to "false" to adopt the future behavior before upgrading.
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.626Z", "log.level": "INFO", "message":"loaded module [repository-url]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.626Z", "log.level": "INFO", "message":"loaded module [rest-root]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.626Z", "log.level": "INFO", "message":"loaded module [x-pack-core]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.627Z", "log.level": "INFO", "message":"loaded module [x-pack-redact]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.627Z", "log.level": "INFO", "message":"loaded module [ingest-user-agent]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.627Z", "log.level": "INFO", "message":"loaded module [x-pack-async-search]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.628Z", "log.level": "INFO", "message":"loaded module [x-pack-monitoring]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.628Z", "log.level": "INFO", "message":"loaded module [repository-s3]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.628Z", "log.level": "INFO", "message":"loaded module [x-pack-analytics]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.628Z", "log.level": "INFO", "message":"loaded module [x-pack-ent-search]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.628Z", "log.level": "INFO", "message":"loaded module [x-pack-autoscaling]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.628Z", "log.level": "INFO", "message":"loaded module [lang-painless]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.628Z", "log.level": "INFO", "message":"loaded module [x-pack-ml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [legacy-geo]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [lang-mustache]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [x-pack-ql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [rank-rrf]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [analysis-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [health-shards-availability]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [transport-netty4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [aggregations]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [ingest-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [x-pack-identity-provider]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [frozen-indices]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [x-pack-text-structure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [x-pack-shutdown]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.629Z", "log.level": "INFO", "message":"loaded module [snapshot-repo-test-kit]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [ml-package-loader]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [kibana]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [constant-keyword]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [x-pack-logstash]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [x-pack-graph]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [x-pack-ccr]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [x-pack-esql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [parent-join]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [counted-keyword]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [x-pack-enrich]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [repositories-metering-api]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [transform]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [repository-azure]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [repository-gcs]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [spatial]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [mapper-version]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [apm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [mapper-extras]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [x-pack-rollup]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.630Z", "log.level": "INFO", "message":"loaded module [percolator]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-stack]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [data-streams]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [rank-eval]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [reindex]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-security]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [blob-cache]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [searchable-snapshots]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-slm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [snapshot-based-recoveries]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-watcher]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [old-lucene-versions]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-ilm]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-voting-only-node]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-inference]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-deprecation]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-fleet]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-profiling]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-aggregate-metric]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [x-pack-downsample]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.631Z", "log.level": "INFO", "message":"loaded module [ingest-geoip]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [x-pack-write-load-forecaster]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [search-business-rules]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [wildcard]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [ingest-attachment]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [x-pack-apm-data]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [x-pack-sql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [unsigned-long]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [x-pack-async]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [runtime-fields-common]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [vector-tile]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [lang-expression]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:26.632Z", "log.level": "INFO", "message":"loaded module [x-pack-eql]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.plugins.PluginsService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:27.201Z", "log.level": "INFO", "message":"using [1] data paths, mounts [[/usr/share/elasticsearch/data (/dev/vda1)]], net usable_space [8.1gb], net total_space [58.3gb], types [ext4]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:27.202Z", "log.level": "INFO", "message":"heap size [512mb], compressed ordinary object pointers [true]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.env.NodeEnvironment","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:27.265Z", "log.level": "INFO", "message":"node name [elasticsearch], node ID [L0DenxN9QauMLp6-VVnHBw], cluster name [docker-cluster], roles [transform, data_content, data_warm, master, remote_cluster_client, data, data_cold, ingest, data_frozen, ml, data_hot]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-kibana-1         | [2024-05-01T08:08:28.121+00:00][INFO ][plugins-system.standard] Setting up [149] plugins: [devTools,translations,share,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,taskManager,kibanaUsageCollection,cloud,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldFormats,expressions,screenshotting,esUiShared,customIntegrations,contentManagement,dataViews,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,eventLog,actions,notifications,cloudDataMigration,advancedSettings,grokdebugger,console,bfetch,data,savedObjectsTagging,savedObjectsManagement,unifiedSearch,graph,alerting,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,dashboard,lens,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,metricsDataAccess,aiops,links,discover,reporting,canvas,fleet,osquery,logsExplorer,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,datasetQuality,cloudSecurityPosture,cloudDefend,discoverEnhanced,maps,dataVisualizer,ml,observabilityAIAssistant,logsShared,observabilityLogsExplorer,enterpriseSearch,observability,uptime,synthetics,observabilityOnboarding,elasticAssistant,securitySolution,securitySolutionEss,dashboardEnhanced,apmDataAccess,infra,upgradeAssistant,monitoring,logstash,assetManager,apm,ux]
docker-elk-kibana-1         | [2024-05-01T08:08:28.242+00:00][INFO ][plugins.taskManager] TaskManager is identified by the Kibana UUID: 5a5fb042-492a-4da1-ad1d-e8677c159c96
docker-elk-kibana-1         | [2024-05-01T08:08:28.424+00:00][INFO ][custom-branding-service] CustomBrandingService registering plugin: customBranding
docker-elk-kibana-1         | [2024-05-01T08:08:28.758+00:00][WARN ][plugins.screenshotting.config] Chromium sandbox provides an additional layer of protection, but is not supported for Linux Ubuntu 20.04 OS. Automatically setting 'xpack.screenshotting.browser.chromium.disableSandbox: true'.
docker-elk-kibana-1         | [2024-05-01T08:08:29.006+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
docker-elk-kibana-1         | [2024-05-01T08:08:29.006+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
docker-elk-kibana-1         | [2024-05-01T08:08:29.020+00:00][WARN ][plugins.security.config] Generating a random key for xpack.security.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.security.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
docker-elk-kibana-1         | [2024-05-01T08:08:29.020+00:00][WARN ][plugins.security.config] Session cookies will be transmitted over insecure connections. This is not recommended.
docker-elk-kibana-1         | [2024-05-01T08:08:29.096+00:00][WARN ][plugins.encryptedSavedObjects] Saved objects encryption key is not set. This will severely limit Kibana functionality. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
docker-elk-kibana-1         | [2024-05-01T08:08:29.159+00:00][WARN ][plugins.actions] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
docker-elk-kibana-1         | [2024-05-01T08:08:29.164+00:00][INFO ][plugins.notifications] Email Service Error: Email connector not specified.
docker-elk-kibana-1         | [2024-05-01T08:08:29.296+00:00][WARN ][plugins.alerting] APIs are disabled because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
docker-elk-kibana-1         | [2024-05-01T08:08:29.296+00:00][INFO ][plugins.alerting] using indexes and aliases for persisting alerts
docker-elk-kibana-1         | [2024-05-01T08:08:30.165+00:00][WARN ][plugins.reporting.config] Generating a random key for xpack.reporting.encryptionKey. To prevent sessions from being invalidated on restart, please set xpack.reporting.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
docker-elk-kibana-1         | [2024-05-01T08:08:30.165+00:00][INFO ][plugins.reporting.config] Overriding server host address "0.0.0.0" in Reporting runtime config, using "xpack.reporting.kibanaServer.hostname: localhost".
docker-elk-logstash-1       | Sending Logstash logs to /usr/share/logstash/logs which is now configured via log4j2.properties
docker-elk-kibana-1         | [2024-05-01T08:08:30.582+00:00][INFO ][plugins.cloudSecurityPosture] Registered task successfully [Task: cloud_security_posture-stats_task]
docker-elk-logstash-1       | [2024-05-01T08:08:30,670][INFO ][logstash.runner          ] Log4j configuration path used is: /usr/share/logstash/config/log4j2.properties
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:30,683][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"8.13.2", "jruby.version"=>"jruby 9.4.5.0 (3.1.4) 2023-11-02 1abae2700f OpenJDK 64-Bit Server VM 17.0.10+7 on 17.0.10+7 +indy +jit [aarch64-linux]"}
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:30,686][INFO ][logstash.runner          ] JVM bootstrap flags: [-Xms1g, -Xmx1g, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djruby.compile.invokedynamic=true, -XX:+HeapDumpOnOutOfMemoryError, -Djava.security.egd=file:/dev/urandom, -Dlog4j2.isThreadContextMapInheritable=true, -Dlogstash.jackson.stream-read-constraints.max-string-length=200000000, -Dlogstash.jackson.stream-read-constraints.max-number-length=10000, -Dls.cgroup.cpuacct.path.override=/, -Dls.cgroup.cpu.path.override=/, -Xms256m, -Xmx256m, -Djruby.regexp.interruptible=true, -Djdk.io.File.enableADS=true, --add-exports=jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED, --add-exports=jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED, --add-opens=java.base/java.security=ALL-UNNAMED, --add-opens=java.base/java.io=ALL-UNNAMED, --add-opens=java.base/java.nio.channels=ALL-UNNAMED, --add-opens=java.base/sun.nio.ch=ALL-UNNAMED, --add-opens=java.management/sun.management=ALL-UNNAMED, -Dio.netty.allocator.maxOrder=11]
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:30,688][INFO ][logstash.runner          ] Jackson default value override `logstash.jackson.stream-read-constraints.max-string-length` configured to `200000000`
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:30,690][INFO ][logstash.runner          ] Jackson default value override `logstash.jackson.stream-read-constraints.max-number-length` configured to `10000`
docker-elk-logstash-1       |
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:31.271Z", "log.level": "INFO", "message":"Registered local node features [data_stream.rollover.lazy, desired_node.version_deprecated, features_supported, health.dsl.info, health.extended_repository_indicator, usage.data_tiers.precalculate_stats]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.features.FeatureService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-logstash-1       | [2024-05-01T08:08:31,513][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:31.545Z", "log.level": "INFO", "message":"[controller/142] [Main.cc@123] controller (64 bit): Version 8.13.2 (Build fdd7177d8c1325) Copyright (c) 2024 Elasticsearch BV", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"ml-cpp-log-tail-thread","log.logger":"org.elasticsearch.xpack.ml.process.logging.CppLogMessageHandler","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-logstash-1       | [2024-05-01T08:08:31,600][INFO ][org.reflections.Reflections] Reflections took 102 ms to scan 1 urls, producing 132 keys and 468 values
docker-elk-logstash-1       |
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:31.712Z", "log.level": "INFO", "message":"Sending apm metrics is disabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.telemetry.apm.APM","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:31.713Z", "log.level": "INFO", "message":"Sending apm tracing is disabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.telemetry.apm.APM","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:31.740Z", "log.level": "INFO", "message":"Security is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.Security","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-logstash-1       | /usr/share/logstash/vendor/bundle/jruby/3.1.0/gems/amazing_print-1.6.0/lib/amazing_print/formatter.rb:37: warning: previous definition of cast was here
docker-elk-logstash-1       | [2024-05-01T08:08:31,908][INFO ][logstash.javapipeline    ] Pipeline `main` is configured with `pipeline.ecs_compatibility: v8` setting. All plugins in this pipeline will default to `ecs_compatibility => v8` unless explicitly configured otherwise.
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:31,917][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//elasticsearch:9200"]}
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:32,020][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://logstash_internal:xxxxxx@elasticsearch:9200/]}}
docker-elk-logstash-1       |
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:32.033Z", "log.level": "INFO", "message":"parsed [0] roles from file [/usr/share/elasticsearch/config/roles.yml]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.security.authz.store.FileRolesStore","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-logstash-1       | [2024-05-01T08:08:32,046][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Connect to elasticsearch:9200 [elasticsearch/172.25.0.2] failed: Connection refused", :exception=>Manticore::SocketException, :cause=>#<Java::OrgApacheHttpConn::HttpHostConnectException: Connect to elasticsearch:9200 [elasticsearch/172.25.0.2] failed: Connection refused>}
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:32,047][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://logstash_internal:xxxxxx@elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::SocketException] Connect to elasticsearch:9200 [elasticsearch/172.25.0.2] failed: Connection refused"}
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:32,094][INFO ][logstash.outputs.elasticsearch][main] Not eligible for data streams because config contains one or more settings that are not compatible with data streams: {"index"=>"test"}
docker-elk-logstash-1       | [2024-05-01T08:08:32,094][INFO ][logstash.outputs.elasticsearch][main] Data streams auto configuration (`data_stream => auto` or unset) resolved to `false`
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:32,115][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>500, "pipeline.sources"=>["/usr/share/logstash/pipeline/logstash.conf"], :thread=>"#<Thread:0x4d15ba96 /usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:134 run>"}
docker-elk-logstash-1       |
docker-elk-kibana-1         | [2024-05-01T08:08:32.250+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Registering endpoint:user-artifact-packager task with timeout of [20m], interval of [60s] and policy update batch size of [25]
docker-elk-kibana-1         | [2024-05-01T08:08:32.506+00:00][INFO ][plugins.assetManager] Server is NOT enabled
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:32.561Z", "log.level": "INFO", "message":"Watcher initialized components at 2024-05-01T08:08:32.558Z", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.watcher.Watcher","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:32.622Z", "log.level": "INFO", "message":"Profiling is enabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.profiling.ProfilingPlugin","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:32.631Z", "log.level": "INFO", "message":"profiling index templates will not be installed or reinstalled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.profiling.ProfilingPlugin","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:32.634Z", "log.level": "INFO", "message":"APM ingest plugin is disabled", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.apmdata.APMPlugin","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-logstash-1       | [2024-05-01T08:08:32,642][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>0.52}
docker-elk-logstash-1       |
docker-elk-logstash-1       | The stdin plugin is now waiting for input:
docker-elk-logstash-1       | [2024-05-01T08:08:32,693][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
docker-elk-logstash-1       |
docker-elk-logstash-1       | [2024-05-01T08:08:32,704][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
docker-elk-logstash-1       |
docker-elk-kibana-1         | [2024-05-01T08:08:32.724+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. connect ECONNREFUSED 172.25.0.2:9200
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.004Z", "log.level": "INFO", "message":"creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=512mb}]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.netty4.NettyAllocator","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.022Z", "log.level": "INFO", "message":"using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.indices.recovery.RecoverySettings","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.046Z", "log.level": "INFO", "message":"using discovery type [single-node] and seed hosts providers [settings]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.discovery.DiscoveryModule","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-kibana-1         | [2024-05-01T08:08:33.391+00:00][INFO ][plugins.screenshotting.chromium] Browser executable: /usr/share/kibana/node_modules/@kbn/screenshotting-plugin/chromium/headless_shell-linux_arm64/headless_shell
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.709Z", "log.level": "INFO", "message":"initialized", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.710Z", "log.level": "INFO", "message":"starting ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.729Z", "log.level": "INFO", "message":"persistent cache index loaded", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.searchablesnapshots.cache.full.PersistentCache","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.729Z", "log.level": "INFO", "message":"deprecation component started", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.xpack.deprecation.logging.DeprecationIndexingComponent","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:33.775Z", "log.level": "INFO", "message":"publish_address {172.25.0.2:9300}, bound_addresses {0.0.0.0:9300}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.transport.TransportService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.110Z", "log.level": "WARN", "message":"Transport SSL must be enabled if security is enabled. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]; for more information see [https://www.elastic.co/guide/en/elasticsearch/reference/8.13/bootstrap-checks-xpack.html#bootstrap-checks-tls]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.BootstrapChecks","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.110Z", "log.level": "INFO", "message":"this node is locked into cluster UUID [xkyuwOlGT6inKeYULs3Ymw] and will not attempt further cluster bootstrapping", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.cluster.coordination.ClusterBootstrapService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.228Z", "log.level": "INFO", "message":"elected-as-master ([1] nodes joined in term 6)[_FINISH_ELECTION_, {elasticsearch}{L0DenxN9QauMLp6-VVnHBw}{I48_C4QnR0aRzrOffbdObQ}{elasticsearch}{172.25.0.2}{172.25.0.2:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000} completing election], term: 6, version: 314, delta: master node changed {previous [], current [{elasticsearch}{L0DenxN9QauMLp6-VVnHBw}{I48_C4QnR0aRzrOffbdObQ}{elasticsearch}{172.25.0.2}{172.25.0.2:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}]}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.MasterService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.272Z", "log.level": "INFO", "message":"master node changed {previous [], current [{elasticsearch}{L0DenxN9QauMLp6-VVnHBw}{I48_C4QnR0aRzrOffbdObQ}{elasticsearch}{172.25.0.2}{172.25.0.2:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}]}, term: 6, version: 314, reason: Publication{term=6, version=314}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.service.ClusterApplierService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.287Z", "log.level": "INFO", "message":"starting file watcher ...", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.common.file.AbstractFileWatchingService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.289Z", "log.level": "INFO", "message":"file settings service up and running [tid=49]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[file-watcher[/usr/share/elasticsearch/config/operator/settings.json]]","log.logger":"org.elasticsearch.common.file.AbstractFileWatchingService","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.292Z", "log.level": "INFO", "message":"publish_address {172.25.0.2:9200}, bound_addresses {0.0.0.0:9200}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.http.AbstractHttpServerTransport","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.317Z", "log.level": "INFO", "message":"node-join: [{elasticsearch}{L0DenxN9QauMLp6-VVnHBw}{I48_C4QnR0aRzrOffbdObQ}{elasticsearch}{172.25.0.2}{172.25.0.2:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}] with reason [completing election]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.coordination.NodeJoinExecutor","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.328Z", "log.level": "INFO", "message":"started {elasticsearch}{L0DenxN9QauMLp6-VVnHBw}{I48_C4QnR0aRzrOffbdObQ}{elasticsearch}{172.25.0.2}{172.25.0.2:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}{ml.config_version=12.0.0, xpack.installed=true, transform.config_version=10.0.0, ml.machine_memory=8232951808, ml.allocated_processors=4, ml.allocated_processors_double=4.0, ml.max_jvm_size=536870912}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.node.Node","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.775Z", "log.level": "INFO", "message":"Authentication of [kibana_system] was terminated by realm [reserved] - failed to authenticate user [kibana_system]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][transport_worker][T#3]","log.logger":"org.elasticsearch.xpack.security.authc.RealmsAuthenticator","trace.id":"ed450aa9acd6165b67faedfb581ba24a","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.827Z", "log.level": "INFO", "message":"license mode is [trial], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.xpack.security.authc.Realms","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.828Z", "log.level": "INFO", "message":"license [0466096f-238e-4c46-9c2a-0fe46543b188] mode [trial] - valid", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][clusterApplierService#updateTask][T#1]","log.logger":"org.elasticsearch.license.ClusterStateLicenseService","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:34.829Z", "log.level": "INFO", "message":"recovered [34] indices into cluster_state", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.gateway.GatewayService","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:35.039Z", "log.level": "INFO", "message":"Node [{elasticsearch}{L0DenxN9QauMLp6-VVnHBw}] is selected as the current health node.", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][management][T#3]","log.logger":"org.elasticsearch.health.node.selection.HealthNodeTaskExecutor","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:35.039Z", "log.level":"ERROR", "message":"exception during geoip databases update", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.GeoIpDownloader","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster","error.type":"org.elasticsearch.ElasticsearchException","error.message":"not all primary shards of [.geoip_databases] index are active","error.stack_trace":"org.elasticsearch.ElasticsearchException: not all primary shards of [.geoip_databases] index are active\n\tat org.elasticsearch.ingest.geoip@8.13.2/org.elasticsearch.ingest.geoip.GeoIpDownloader.updateDatabases(GeoIpDownloader.java:131)\n\tat org.elasticsearch.ingest.geoip@8.13.2/org.elasticsearch.ingest.geoip.GeoIpDownloader.runDownloader(GeoIpDownloader.java:279)\n\tat org.elasticsearch.ingest.geoip@8.13.2/org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:160)\n\tat org.elasticsearch.ingest.geoip@8.13.2/org.elasticsearch.ingest.geoip.GeoIpDownloaderTaskExecutor.nodeOperation(GeoIpDownloaderTaskExecutor.java:59)\n\tat org.elasticsearch.server@8.13.2/org.elasticsearch.persistent.NodePersistentTasksExecutor$1.doRun(NodePersistentTasksExecutor.java:34)\n\tat org.elasticsearch.server@8.13.2/org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:984)\n\tat org.elasticsearch.server@8.13.2/org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)\n\tat java.base/java.lang.Thread.run(Thread.java:1583)\n"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:35.397Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-Country.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][generic][T#2]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:35.444Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-ASN.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][generic][T#5]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:35.634Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[.kibana-observability-ai-assistant-conversations-000001][0]]]).","previous.health":"RED","reason":"shards started [[.kibana-observability-ai-assistant-conversations-000001][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-kibana-1         | [2024-05-01T08:08:35.815+00:00][INFO ][savedobjects-service] Waiting until all Elasticsearch nodes are compatible with Kibana before starting saved objects migrations...
docker-elk-kibana-1         | [2024-05-01T08:08:35.816+00:00][INFO ][savedobjects-service] Starting saved objects migrations
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:35.823Z", "log.level": "INFO", "message":"successfully loaded geoip database file [GeoLite2-City.mmdb]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][generic][T#4]","log.logger":"org.elasticsearch.ingest.geoip.DatabaseNodeService","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-kibana-1         | [2024-05-01T08:08:35.860+00:00][INFO ][savedobjects-service] [.kibana] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 18ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.862+00:00][INFO ][savedobjects-service] [.kibana_task_manager] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 19ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.865+00:00][INFO ][savedobjects-service] [.kibana_security_solution] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 19ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.866+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 18ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.869+00:00][INFO ][savedobjects-service] [.kibana_analytics] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 24ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.869+00:00][INFO ][savedobjects-service] [.kibana_security_solution] WAIT_FOR_YELLOW_SOURCE -> UPDATE_SOURCE_MAPPINGS_PROPERTIES. took: 4ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.870+00:00][INFO ][savedobjects-service] [.kibana_security_solution] UPDATE_SOURCE_MAPPINGS_PROPERTIES -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 1ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.871+00:00][INFO ][savedobjects-service] [.kibana_ingest] INIT -> WAIT_FOR_YELLOW_SOURCE. took: 22ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.871+00:00][INFO ][savedobjects-service] [.kibana] WAIT_FOR_YELLOW_SOURCE -> UPDATE_SOURCE_MAPPINGS_PROPERTIES. took: 11ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.872+00:00][INFO ][savedobjects-service] [.kibana] UPDATE_SOURCE_MAPPINGS_PROPERTIES -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 1ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.872+00:00][INFO ][savedobjects-service] [.kibana_task_manager] WAIT_FOR_YELLOW_SOURCE -> UPDATE_SOURCE_MAPPINGS_PROPERTIES. took: 10ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.872+00:00][INFO ][savedobjects-service] [.kibana_task_manager] UPDATE_SOURCE_MAPPINGS_PROPERTIES -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.873+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] WAIT_FOR_YELLOW_SOURCE -> UPDATE_SOURCE_MAPPINGS_PROPERTIES. took: 7ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.877+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] UPDATE_SOURCE_MAPPINGS_PROPERTIES -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 4ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.878+00:00][INFO ][savedobjects-service] [.kibana_analytics] WAIT_FOR_YELLOW_SOURCE -> UPDATE_SOURCE_MAPPINGS_PROPERTIES. took: 9ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.878+00:00][INFO ][savedobjects-service] [.kibana_analytics] UPDATE_SOURCE_MAPPINGS_PROPERTIES -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.981+00:00][INFO ][savedobjects-service] [.kibana_ingest] WAIT_FOR_YELLOW_SOURCE -> UPDATE_SOURCE_MAPPINGS_PROPERTIES. took: 110ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.981+00:00][INFO ][savedobjects-service] [.kibana_ingest] UPDATE_SOURCE_MAPPINGS_PROPERTIES -> OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.984+00:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 112ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.985+00:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 113ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.985+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 108ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.986+00:00][INFO ][savedobjects-service] [.kibana_analytics] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 108ms.
docker-elk-kibana-1         | [2024-05-01T08:08:35.987+00:00][INFO ][savedobjects-service] [.kibana_security_solution] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 117ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.010+00:00][INFO ][savedobjects-service] [.kibana_ingest] OUTDATED_DOCUMENTS_SEARCH_OPEN_PIT -> OUTDATED_DOCUMENTS_SEARCH_READ. took: 29ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.102+00:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 117ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.104+00:00][INFO ][savedobjects-service] [.kibana_security_solution] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 117ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.105+00:00][INFO ][savedobjects-service] [.kibana_analytics] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 119ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.105+00:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 121ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.106+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 121ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.114+00:00][INFO ][savedobjects-service] [.kibana_security_solution] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> CHECK_TARGET_MAPPINGS. took: 10ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.115+00:00][INFO ][savedobjects-service] [.kibana_security_solution] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 1ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.115+00:00][INFO ][savedobjects-service] [.kibana_security_solution] CHECK_VERSION_INDEX_READY_ACTIONS -> DONE. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.115+00:00][INFO ][savedobjects-service] [.kibana_security_solution] Migration completed after 269ms
docker-elk-kibana-1         | [2024-05-01T08:08:36.115+00:00][INFO ][savedobjects-service] [.kibana_task_manager] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> CHECK_TARGET_MAPPINGS. took: 10ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.115+00:00][INFO ][savedobjects-service] [.kibana_task_manager] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.116+00:00][INFO ][savedobjects-service] [.kibana_task_manager] CHECK_VERSION_INDEX_READY_ACTIONS -> DONE. took: 1ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.116+00:00][INFO ][savedobjects-service] [.kibana_task_manager] Migration completed after 273ms
docker-elk-kibana-1         | [2024-05-01T08:08:36.116+00:00][INFO ][savedobjects-service] [.kibana_analytics] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> CHECK_TARGET_MAPPINGS. took: 11ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.116+00:00][INFO ][savedobjects-service] [.kibana_analytics] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.116+00:00][INFO ][savedobjects-service] [.kibana_analytics] CHECK_VERSION_INDEX_READY_ACTIONS -> DONE. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.116+00:00][INFO ][savedobjects-service] [.kibana_analytics] Migration completed after 271ms
docker-elk-kibana-1         | [2024-05-01T08:08:36.116+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> CHECK_TARGET_MAPPINGS. took: 10ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.117+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 1ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.117+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] CHECK_VERSION_INDEX_READY_ACTIONS -> DONE. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.117+00:00][INFO ][savedobjects-service] [.kibana_alerting_cases] Migration completed after 269ms
docker-elk-kibana-1         | [2024-05-01T08:08:36.117+00:00][INFO ][savedobjects-service] [.kibana] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> CHECK_TARGET_MAPPINGS. took: 15ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.117+00:00][INFO ][savedobjects-service] [.kibana] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.117+00:00][INFO ][savedobjects-service] [.kibana] CHECK_VERSION_INDEX_READY_ACTIONS -> DONE. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.117+00:00][INFO ][savedobjects-service] [.kibana] Migration completed after 275ms
docker-elk-kibana-1         | [2024-05-01T08:08:36.120+00:00][INFO ][savedobjects-service] [.kibana_ingest] OUTDATED_DOCUMENTS_SEARCH_READ -> OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT. took: 110ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.122+00:00][INFO ][savedobjects-service] [.kibana_ingest] OUTDATED_DOCUMENTS_SEARCH_CLOSE_PIT -> CHECK_TARGET_MAPPINGS. took: 2ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.122+00:00][INFO ][savedobjects-service] [.kibana_ingest] CHECK_TARGET_MAPPINGS -> CHECK_VERSION_INDEX_READY_ACTIONS. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.122+00:00][INFO ][savedobjects-service] [.kibana_ingest] CHECK_VERSION_INDEX_READY_ACTIONS -> DONE. took: 0ms.
docker-elk-kibana-1         | [2024-05-01T08:08:36.122+00:00][INFO ][savedobjects-service] [.kibana_ingest] Migration completed after 273ms
docker-elk-kibana-1         | [2024-05-01T08:08:36.128+00:00][INFO ][status.core.elasticsearch] elasticsearch service is now available: Elasticsearch is available
docker-elk-kibana-1         | [2024-05-01T08:08:36.128+00:00][INFO ][status.core.savedObjects] savedObjects service is now available: SavedObjects service has completed migrations and is available
docker-elk-kibana-1         | [2024-05-01T08:08:36.129+00:00][INFO ][plugins-system.preboot] Stopping all plugins.
docker-elk-kibana-1         | [2024-05-01T08:08:36.129+00:00][INFO ][plugins-system.preboot] All plugins stopped.
docker-elk-kibana-1         | [2024-05-01T08:08:36.129+00:00][INFO ][plugins-system.standard] Starting [149] plugins: [devTools,translations,share,screenshotMode,usageCollection,telemetryCollectionManager,telemetryCollectionXpack,taskManager,kibanaUsageCollection,cloud,newsfeed,savedObjectsFinder,noDataPage,monitoringCollection,licensing,mapsEms,globalSearch,globalSearchProviders,features,guidedOnboarding,banners,licenseApiGuard,customBranding,ftrApis,fieldFormats,expressions,screenshotting,esUiShared,customIntegrations,contentManagement,dataViews,home,searchprofiler,painlessLab,management,spaces,security,telemetry,licenseManagement,snapshotRestore,lists,files,encryptedSavedObjects,eventLog,actions,notifications,cloudDataMigration,advancedSettings,grokdebugger,console,bfetch,data,savedObjectsTagging,savedObjectsManagement,unifiedSearch,graph,alerting,embeddable,uiActionsEnhanced,savedSearch,presentationUtil,expressionShape,expressionRevealImage,expressionRepeatImage,expressionMetric,expressionImage,controls,fileUpload,ingestPipelines,ecsDataQualityDashboard,dataViewFieldEditor,dataViewManagement,charts,watcher,visualizations,visTypeXy,visTypeVislib,visTypeVega,visTypeTimeseries,visTypeTimelion,visTypeTagcloud,visTypeTable,visTypeMetric,visTypeMarkdown,visTypeHeatmap,inputControlVis,expressionTagcloud,expressionPartitionVis,visTypePie,expressionMetricVis,expressionLegacyMetricVis,expressionHeatmap,expressionGauge,visTypeGauge,eventAnnotation,expressionXY,dashboard,lens,triggersActionsUi,transform,stackConnectors,stackAlerts,ruleRegistry,cases,timelines,sessionView,kubernetesSecurity,threatIntelligence,metricsDataAccess,aiops,links,discover,reporting,canvas,fleet,osquery,logsExplorer,indexManagement,rollup,remoteClusters,crossClusterReplication,indexLifecycleManagement,datasetQuality,cloudSecurityPosture,cloudDefend,discoverEnhanced,maps,dataVisualizer,ml,observabilityAIAssistant,logsShared,observabilityLogsExplorer,enterpriseSearch,observability,uptime,synthetics,observabilityOnboarding,elasticAssistant,securitySolution,securitySolutionEss,dashboardEnhanced,apmDataAccess,infra,upgradeAssistant,monitoring,logstash,assetManager,apm,ux]
docker-elk-kibana-1         | [2024-05-01T08:08:36.378+00:00][INFO ][plugins.fleet] Task Fleet-Usage-Sender-1.1.4 scheduled with interval 1h
docker-elk-kibana-1         | [2024-05-01T08:08:36.379+00:00][INFO ][plugins.fleet.fleet:check-deleted-files-task:1.0.1] Started with interval of [1d] and timeout of [2m]
docker-elk-kibana-1         | [2024-05-01T08:08:36.379+00:00][INFO ][plugins.fleet] Task Fleet-Metrics-Task:1.1.1 scheduled with interval 1h
docker-elk-kibana-1         | [2024-05-01T08:08:36.391+00:00][INFO ][plugins.infra] Skipping initialization of Profiling endpoints because 'profilingDataAccess' plugin is not available
docker-elk-kibana-1         | [2024-05-01T08:08:36.392+00:00][INFO ][plugins.monitoring.monitoring] config sourced from: production cluster
docker-elk-kibana-1         | [2024-05-01T08:08:36.404+00:00][INFO ][plugins.observability] Installing SLO shared resources
docker-elk-kibana-1         | [2024-05-01T08:08:36.415+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing component template .kibana-data-quality-dashboard-ecs-mappings
docker-elk-kibana-1         | [2024-05-01T08:08:36.416+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing component template .kibana-data-quality-dashboard-results-mappings
docker-elk-logstash-1       | [2024-05-01T08:08:37,185][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://logstash_internal:xxxxxx@elasticsearch:9200/"}
docker-elk-logstash-1       | [2024-05-01T08:08:37,206][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch version determined (8.13.2) {:es_version=>8}
docker-elk-logstash-1       | [2024-05-01T08:08:37,206][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
docker-elk-kibana-1         | [2024-05-01T08:08:37.263+00:00][INFO ][http.server.Kibana] http server running at http://0.0.0.0:5601
docker-elk-kibana-1         | [2024-05-01T08:08:37.277+00:00][INFO ][plugins.fleet] Task Fleet-Usage-Logger-Task scheduled with interval 15m
docker-elk-kibana-1         | [2024-05-01T08:08:37.290+00:00][INFO ][plugins.observability] SLO component template found with version [3]
docker-elk-kibana-1         | [2024-05-01T08:08:37.301+00:00][INFO ][plugins.observability] SLO component template found with version [3]
docker-elk-kibana-1         | [2024-05-01T08:08:37.310+00:00][INFO ][plugins.observability] SLO component template found with version [3]
docker-elk-kibana-1         | [2024-05-01T08:08:37.313+00:00][INFO ][plugins.telemetry] Telemetry collection is enabled. For more information on telemetry settings, refer to https://www.elastic.co/guide/en/kibana/8.13/telemetry-settings-kbn.html.
docker-elk-kibana-1         | [2024-05-01T08:08:37.332+00:00][INFO ][plugins.ecsDataQualityDashboard] Installing index template .kibana-data-quality-dashboard-results-index-template
docker-elk-kibana-1         | [2024-05-01T08:08:37.342+00:00][INFO ][plugins.observability] SLO component template found with version [3]
docker-elk-kibana-1         | [2024-05-01T08:08:37.401+00:00][INFO ][plugins.monitoring.monitoring.kibana-monitoring] Starting monitoring stats collection
docker-elk-kibana-1         | [2024-05-01T08:08:37.404+00:00][INFO ][plugins.fleet] Beginning fleet setup
docker-elk-kibana-1         | [2024-05-01T08:08:37.404+00:00][INFO ][plugins.fleet] Cleaning old indices
docker-elk-kibana-1         | [2024-05-01T08:08:37.409+00:00][INFO ][plugins.observability] SLO index template found with version [3]
docker-elk-kibana-1         | [2024-05-01T08:08:37.436+00:00][INFO ][plugins.observability] SLO index template found with version [3]
docker-elk-kibana-1         | [2024-05-01T08:08:37.441+00:00][INFO ][plugins.fleet] Agent policies updated by license change: []
docker-elk-kibana-1         | [2024-05-01T08:08:37.443+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Started. Checking for changes to endpoint artifacts
docker-elk-kibana-1         | [2024-05-01T08:08:37.443+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Complete. Task run took 0ms [ stated: 2024-05-01T08:08:37.443Z ]
docker-elk-kibana-1         | [2024-05-01T08:08:37.499+00:00][INFO ][plugins.ecsDataQualityDashboard] Updating data streams - .kibana-data-quality-dashboard-results-*
docker-elk-kibana-1         | [2024-05-01T08:08:37.543+00:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: scheduled with interval 1h
docker-elk-kibana-1         | [2024-05-01T08:08:37.709+00:00][INFO ][plugins.observability] SLO ingest pipeline found with version [3]
docker-elk-kibana-1         | [2024-05-01T08:08:37.916+00:00][INFO ][plugins.observabilityAIAssistant.service] Successfully set up index assets
docker-elk-kibana-1         | [2024-05-01T08:08:37.943+00:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, private key passphrase is being stored in plain text
docker-elk-kibana-1         | [2024-05-01T08:08:37.979+00:00][INFO ][plugins.fleet] Fleet setup completed
docker-elk-kibana-1         | [2024-05-01T08:08:37.979+00:00][WARN ][plugins.fleet] xpack.encryptedSavedObjects.encryptionKey is not configured, agent uninstall tokens are being stored in plain text
docker-elk-kibana-1         | [2024-05-01T08:08:37.980+00:00][INFO ][plugins.securitySolution] Dependent plugin setup complete - Starting ManifestTask
docker-elk-kibana-1         | [2024-05-01T08:08:37.981+00:00][INFO ][plugins.securitySolution.endpoint.policyProtections] App feature [endpoint_policy_protections] is enabled. Nothing to do!
docker-elk-kibana-1         | [2024-05-01T08:08:37.981+00:00][INFO ][plugins.securitySolution.endpoint.policyProtections] App feature [endpoint_protection_updates] is enabled. Nothing to do!
docker-elk-kibana-1         | [2024-05-01T08:08:37.981+00:00][INFO ][plugins.securitySolution.endpoint.agentPolicyFeatures] App feature [endpoint_agent_tamper_protection] is enabled. Nothing to do!
docker-elk-kibana-1         | [2024-05-01T08:08:38.014+00:00][INFO ][plugins.synthetics] Installed synthetics index templates
docker-elk-logstash-1       | [2024-05-01T08:08:38,112][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>8, :ecs_compatibility=>:v8}
docker-elk-logstash-1       | [2024-05-01T08:08:38,127][INFO ][logstash.outputs.elasticsearch][main] Installing Elasticsearch template {:name=>"ecs-logstash"}
docker-elk-logstash-1       |
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:08:38.194Z", "log.level": "INFO", "message":"adding index template [ecs-logstash] for index patterns [ecs-logstash-*]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#1]","log.logger":"org.elasticsearch.cluster.metadata.MetadataIndexTemplateService","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-kibana-1         | [2024-05-01T08:08:39.389+00:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
docker-elk-kibana-1         | [2024-05-01T08:08:42.172+00:00][INFO ][status.plugins.alerting] alerting plugin is now available: Alerting is (probably) ready
docker-elk-kibana-1         | [2024-05-01T08:08:42.172+00:00][INFO ][status.plugins.fleet] fleet plugin is now available: Fleet is available
docker-elk-kibana-1         | [2024-05-01T08:08:42.172+00:00][INFO ][status.plugins.licensing] licensing plugin is now available: License fetched
docker-elk-kibana-1         | [2024-05-01T08:08:42.173+00:00][INFO ][status.plugins.taskManager] taskManager plugin is now available: Task Manager is healthy
docker-elk-kibana-1         | [2024-05-01T08:08:42.257+00:00][INFO ][status] Kibana is now available
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:09:04.337Z", "log.level": "INFO", "message":"low disk watermark [85%] exceeded on [L0DenxN9QauMLp6-VVnHBw][elasticsearch][/usr/share/elasticsearch/data] free: 8gb[13.8%], replicas will not be assigned to this node", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][management][T#2]","log.logger":"org.elasticsearch.cluster.routing.allocation.DiskThresholdMonitor","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
hi
docker-elk-kibana-1         | [2024-05-01T08:09:36.294+00:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
docker-elk-kibana-1         | [2024-05-01T08:09:39.270+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Started. Checking for changes to endpoint artifacts
docker-elk-kibana-1         | [2024-05-01T08:09:39.275+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Last computed manifest not available yet
docker-elk-kibana-1         | [2024-05-01T08:09:39.275+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Complete. Task run took 5ms [ stated: 2024-05-01T08:09:39.270Z ]
docker-elk-kibana-1         | [2024-05-01T08:09:42.266+00:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
docker-elk-kibana-1         | [2024-05-01T08:10:08.896+00:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
hi
docker-elk-kibana-1         | [2024-05-01T08:10:42.287+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Started. Checking for changes to endpoint artifacts
docker-elk-kibana-1         | [2024-05-01T08:10:42.289+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Last computed manifest not available yet
docker-elk-kibana-1         | [2024-05-01T08:10:42.289+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Complete. Task run took 2ms [ stated: 2024-05-01T08:10:42.287Z ]
docker-elk-kibana-1         | [2024-05-01T08:11:33.026+00:00][ERROR][http] 500 Server Error
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:11:35.779Z", "log.level": "INFO", "message":"[.async-search] creating index, cause [auto(bulk api)], templates [], shards [1]/[0]", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#2]","log.logger":"org.elasticsearch.cluster.metadata.MetadataCreateIndexService","trace.id":"8fe201881f5cb784febd92f780ee67cc","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-elasticsearch-1  | {"@timestamp":"2024-05-01T08:11:35.879Z", "log.level": "INFO",  "current.health":"GREEN","message":"Cluster health status changed from [YELLOW] to [GREEN] (reason: [shards started [[.async-search][0]]]).","previous.health":"YELLOW","reason":"shards started [[.async-search][0]]" , "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[elasticsearch][masterService#updateTask][T#2]","log.logger":"org.elasticsearch.cluster.routing.allocation.AllocationService","trace.id":"8fe201881f5cb784febd92f780ee67cc","elasticsearch.cluster.uuid":"xkyuwOlGT6inKeYULs3Ymw","elasticsearch.node.id":"L0DenxN9QauMLp6-VVnHBw","elasticsearch.node.name":"elasticsearch","elasticsearch.cluster.name":"docker-cluster"}
docker-elk-kibana-1         | [2024-05-01T08:11:45.279+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Started. Checking for changes to endpoint artifacts
docker-elk-kibana-1         | [2024-05-01T08:11:45.282+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Last computed manifest not available yet
docker-elk-kibana-1         | [2024-05-01T08:11:45.283+00:00][INFO ][plugins.securitySolution.endpoint:user-artifact-packager:1.0.0] Complete. Task run took 4ms [ stated: 2024-05-01T08:11:45.279Z ]
docker-elk-kibana-1         | [2024-05-01T08:11:57.149+00:00][INFO ][plugins.apm] create static data view apm_static_data_view_id_default
antoineco commented 4 months ago

That means you forgot to perform the docker-elk setup.

dileep9490 commented 4 months ago

@antoineco

That means you forgot to perform the docker-elk setup.

You mean that I didn't run docker compose up setup?

antoineco commented 4 months ago

Right, this part is critical since it initializes the built-in users with the passwords provided in the .env file. Without this step, users are disabled, and you will see these "connection refused" types of errors.

dileep9490 commented 4 months ago

Right, this part is critical since it initializes the built-in users with the passwords provided in the .env file. Without this step, users are disabled, and you will see these "connection refused" types of errors.

I did this part too

Here's the output

docker-elk-setup-1  | [+] Waiting for availability of Elasticsearch. This can take several minutes.
docker-elk-setup-1  |    ⠿ Elasticsearch is running
docker-elk-setup-1  | [+] Waiting for initialization of built-in users
docker-elk-setup-1  |    ⠿ Built-in users were initialized
docker-elk-setup-1  | [+] Role 'heartbeat_writer'
docker-elk-setup-1  |    ⠿ Creating/updating
docker-elk-setup-1  | [+] Role 'metricbeat_writer'
docker-elk-setup-1  |    ⠿ Creating/updating
docker-elk-setup-1  | [+] Role 'filebeat_writer'
docker-elk-setup-1  |    ⠿ Creating/updating
docker-elk-setup-1  | [+] Role 'logstash_writer'
docker-elk-setup-1  |    ⠿ Creating/updating
docker-elk-setup-1  | [+] User 'filebeat_internal'
docker-elk-setup-1  |    ⠿ No password defined, skipping
docker-elk-setup-1  | [+] User 'kibana_system'
docker-elk-setup-1  |    ⠿ User exists, setting password
docker-elk-setup-1  | [+] User 'logstash_internal'
docker-elk-setup-1  |    ⠿ User exists, setting password
docker-elk-setup-1  | [+] User 'heartbeat_internal'
docker-elk-setup-1  |    ⠿ No password defined, skipping
docker-elk-setup-1  | [+] User 'metricbeat_internal'
docker-elk-setup-1  |    ⠿ No password defined, skipping
docker-elk-setup-1  | [+] User 'monitoring_internal'
docker-elk-setup-1  |    ⠿ No password defined, skipping
docker-elk-setup-1  | [+] User 'beats_system'
docker-elk-setup-1  |    ⠿ No password defined, skipping
docker-elk-setup-1 exited with code 0

I didn't change any passwords for default users

antoineco commented 4 months ago

Oh you're right, my mistake, I overlooked the fact that you were using a custom index name ("test").

Our default role is quite strict and only allows managing and writing the default indexes of the Elasticsearch output:

https://github.com/deviantony/docker-elk/blob/120d860cce697e1cfbf772bf5654775201aa6bea/setup/roles/logstash_writer.json#L9-L13

You can fix this by either:
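The restriction described above, checked mechanically. This is an added example, not code from the docker-elk project: it pulls the index name out of a Logstash elasticsearch output block and reports which entries of the writer role's `names` lists cover that index. The role document and pipeline snippet are constructed from what this thread shows; the `privileges` lists and the single-wildcard matching are assumptions, so take both from your own setup/roles/logstash_writer.json before relying on the result.

```python
"""Report which entries of a Logstash writer role cover the index that a
Logstash elasticsearch output writes to.

Added example, not code from the docker-elk project. The role document and
pipeline snippet are constructed from this thread; the "privileges" lists are
placeholders (assumption) - copy them from your own logstash_writer.json.
"""
import json
import re

# Constructed role: the "names" lists follow the diff in this thread, the
# "privileges" lists are assumed placeholders.
LOGSTASH_WRITER_ROLE = json.loads("""
{
  "indices": [
    {
      "names": ["test-*", "logs-generic-default", "logstash-*", "ecs-logstash-*"],
      "privileges": ["write", "create", "create_index", "manage"]
    },
    {
      "names": ["test", "logstash", "ecs-logstash"],
      "privileges": ["write", "manage"]
    }
  ]
}
""")

# Constructed pipeline output block, matching the one posted in this thread.
PIPELINE_CONF = """
output {
    stdout { codec => rubydebug }
    elasticsearch {
        hosts => "elasticsearch:9200"
        user => "logstash_internal"
        index => "test"
        password => "${LOGSTASH_INTERNAL_PASSWORD}"
    }
}
"""

# Index used by the elasticsearch output when none is configured and ECS
# compatibility is v8 (the "ecs-logstash" template seen in the thread's logs).
DEFAULT_INDEX = "ecs-logstash-%{+yyyy.MM.dd}"


def configured_index(conf: str) -> str:
    """Return the index name set in the elasticsearch output, or the default."""
    match = re.search(r'index\s*=>\s*"([^"]+)"', conf)
    return match.group(1) if match else DEFAULT_INDEX


def resolve_sprintf(index: str, sample_date: str = "2024.05.01") -> str:
    """Replace %{+date-format} references with a sample date so the literal
    index name can be matched against the role's patterns."""
    return re.sub(r"%\{\+[^}]*\}", sample_date, index)


def name_matches(pattern: str, index: str) -> bool:
    """Match an index name against a role 'names' entry. Only '*' is treated
    as a wildcard (assumption; nothing else appears in this role file)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, index) is not None


def granted_privileges(role: dict, index: str) -> dict:
    """Map every matching 'names' entry to the privileges it grants on index."""
    grants = {}
    for entry in role["indices"]:
        for pattern in entry["names"]:
            if name_matches(pattern, index):
                grants[pattern] = sorted(entry["privileges"])
    return grants


def check_pipeline(conf: str, role: dict) -> tuple:
    """Resolve the output's index and return it with the role entries covering it."""
    index = resolve_sprintf(configured_index(conf))
    return index, granted_privileges(role, index)


if __name__ == "__main__":
    index, grants = check_pipeline(PIPELINE_CONF, LOGSTASH_WRITER_ROLE)
    if not grants:
        print(f"index {index!r} is not covered by any role entry")
    for pattern, privs in grants.items():
        print(f"index {index!r} matched by {pattern!r}: {', '.join(privs)}")
```

Run against the constructed inputs it shows that `test-*` never matches the bare index `test`; only the literal `test` entry does, so that entry's privileges are the ones that matter.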

dileep9490 commented 4 months ago

@antoineco I guess it's not because of that. Even after adding what you've mentioned above, it doesn't throw anything in the output related to input.

antoineco commented 4 months ago

There is another issue with your Elasticsearch it seems:

low disk watermark [85%] exceeded on [...] free: 8gb[13.8%], replicas will not be assigned to this node

Possibly Elasticsearch is refusing to create the index due to that error.

This is a fairly common issue encountered by Elasticsearch users:


Edit: after further considerations, what you are observing is probably a different issue:

It defaults to 85%, meaning that Elasticsearch will not allocate shards to nodes that have more than 85% disk used. [...] This setting has no effect on the primary shards of newly-created indices but will prevent their replicas from being allocated. -- https://www.elastic.co/guide/en/elasticsearch/reference/8.8/modules-cluster.html#cluster-routing-watermark-low

antoineco commented 4 months ago

I managed to make it work:


I'm including my git diff below. Notice that I needed to set stdin_open: true.

diff --git a/docker-compose.yml b/docker-compose.yml
index 99dced1..64e8eb0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -68,6 +68,8 @@ services:
     restart: unless-stopped

   logstash:
+    tty: true
+    stdin_open: true
     build:
       context: logstash/
       args:
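Review bot: the two added keys need a YAML comment in this hunk saying that stdin_open: true is what allows the stdin input plugin to receive anything at all, and that input still has to be supplied through docker compose attach logstash, because docker compose up only tails the logs and never attaches to the container's stdin; without that comment the next person to copy this file will see the same silent no-output behaviour as in this thread. tty: true is cosmetic here and can be dropped. Both keys are debugging aids, so consider putting them in a docker-compose.override.yml instead of the base file rather than leaving a long-running service with an attachable stdin in normal operation.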
diff --git a/logstash/pipeline/logstash.conf b/logstash/pipeline/logstash.conf
index 5ac8861..a969831 100644
--- a/logstash/pipeline/logstash.conf
+++ b/logstash/pipeline/logstash.conf
@@ -1,19 +1,15 @@
 input {
-       beats {
-               port => 5044
-       }
-
-       tcp {
-               port => 50000
-       }
+       stdin { }
 }

 ## Add your filters / logstash plugins configuration here

 output {
+       stdout { codec => rubydebug }
        elasticsearch {
                hosts => "elasticsearch:9200"
                user => "logstash_internal"
+               index => "test"
                password => "${LOGSTASH_INTERNAL_PASSWORD}"
        }
 }
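Review bot: the beats and tcp inputs are removed, but the docker-compose.yml hunk above leaves the logstash service still publishing 5044:5044, 50000:50000/tcp and 50000:50000/udp; with no input listening on them those mappings expose ports for nothing and should be removed together with the inputs, or better, keep this stdin pipeline as a separate test pipeline file and leave the default one intact. Also note that stdout { codec => rubydebug } writes every field of every event to the container log, which is fine for this one-off test but not something to leave in once the input is confirmed to work.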
diff --git a/setup/roles/logstash_writer.json b/setup/roles/logstash_writer.json
index b43861f..dbbb7b3 100644
--- a/setup/roles/logstash_writer.json
+++ b/setup/roles/logstash_writer.json
@@ -7,6 +7,7 @@
   "indices": [
     {
       "names": [
+        "test-*",
         "logs-generic-default",
         "logstash-*",
         "ecs-logstash-*"
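Review bot: "test-*" does not match the index name "test" that the logstash.conf hunk configures with index => "test" (the wildcard requires the literal prefix test-), so this entry grants nothing to that index and only the literal "test" added in the next hunk applies. Either drop "test-*" as superfluous, or, if date-suffixed indices such as test-2024.05.01 are what is intended, change the output to index => "test-%{+yyyy.MM.dd}" and drop the literal instead; granting both widens the role for no reason.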
@@ -21,6 +22,7 @@
     },
     {
       "names": [
+        "test",
         "logstash",
         "ecs-logstash"
       ],
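Review bot: the literal "test" is added to the second names block, whose privileges are not visible in this hunk, while the first block (the one that presumably carries the broader create/manage set) is not matched by this name at all; verify that the second block grants what the elasticsearch output needs on first write, namely a write privilege plus the ability to create the index (create_index or manage), otherwise indexing into the new "test" index will still be refused.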
dileep9490 commented 4 months ago

@antoineco I've changed my files. I've removed the docker volume and containers and did docker compose up setup and then docker compose up. After that, when I see logstash is running, I've given input, but it's not working. Do I need to do any changes in between?

antoineco commented 4 months ago

None of these should be required, but it doesn't hurt if you did.

Does Logstash print your input back to the console as a Ruby object, like in my screenshot? If not, it's probably a case for stdin_open: true missing from the Compose file.

dileep9490 commented 4 months ago

I did add stdin_open: true to the compose file.

Here's my docker-compose.yml:

version: "3.7"

services:
  # The 'setup' service runs a one-off script which initializes users inside
  # Elasticsearch — such as 'logstash_internal' and 'kibana_system' — with the
  # values of the passwords defined in the '.env' file. It also creates the
  # roles required by some of these users.
  #
  # This task only needs to be performed once, during the *initial* startup of
  # the stack. Any subsequent run will reset the passwords of existing users to
  # the values defined inside the '.env' file, and the built-in roles to their
  # default permissions.
  #
  # By default, it is excluded from the services started by 'docker compose up'
  # due to the non-default profile it belongs to. To run it, either provide the
  # '--profile=setup' CLI flag to Compose commands, or "up" the service by name
  # such as 'docker compose up setup'.
  setup:
    profiles:
      - setup
    build:
      context: setup/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    init: true
    volumes:
      - ./setup/entrypoint.sh:/entrypoint.sh:ro,Z
      - ./setup/lib.sh:/lib.sh:ro,Z
      - ./setup/roles:/roles:ro,Z
    environment:
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
      METRICBEAT_INTERNAL_PASSWORD: ${METRICBEAT_INTERNAL_PASSWORD:-}
      FILEBEAT_INTERNAL_PASSWORD: ${FILEBEAT_INTERNAL_PASSWORD:-}
      HEARTBEAT_INTERNAL_PASSWORD: ${HEARTBEAT_INTERNAL_PASSWORD:-}
      MONITORING_INTERNAL_PASSWORD: ${MONITORING_INTERNAL_PASSWORD:-}
      BEATS_SYSTEM_PASSWORD: ${BEATS_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch

  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro,Z
      - elasticsearch:/usr/share/elasticsearch/data:Z
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      node.name: elasticsearch
      ES_JAVA_OPTS: -Xms512m -Xmx512m
      # Bootstrap password.
      # Used to initialize the keystore during the initial startup of
      # Elasticsearch. Ignored on subsequent runs.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD:-}
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk
    restart: unless-stopped

  logstash:
    tty: true
    stdin_open: true
    build:
      context: logstash/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
      - ./logstash/pipeline:/usr/share/logstash/pipeline:ro,Z
    ports:
      - 5044:5044
      - 50000:50000/tcp
      - 50000:50000/udp
      - 9600:9600
    environment:
      LS_JAVA_OPTS: -Xms256m -Xmx256m
      LOGSTASH_INTERNAL_PASSWORD: ${LOGSTASH_INTERNAL_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch
    restart: unless-stopped

  kibana:
    build:
      context: kibana/
      args:
        ELASTIC_VERSION: ${ELASTIC_VERSION}
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro,Z
    ports:
      - 5601:5601
    environment:
      KIBANA_SYSTEM_PASSWORD: ${KIBANA_SYSTEM_PASSWORD:-}
    networks:
      - elk
    depends_on:
      - elasticsearch
    restart: unless-stopped

networks:
  elk:
    driver: bridge

volumes:
  elasticsearch:
antoineco commented 4 months ago

Out of curiosity how are you attaching to the Logstash container? In the example above I used docker compose attach logstash.

dileep9490 commented 4 months ago

I'm not doing that, I'm just doing docker compose up 😅. So I need to do docker compose attach logstash?

@antoineco I've changed my files. I've removed the docker volume and containers and did docker compose up setup and then docker compose up. After that, when I see logstash is running, I've given input, but it's not working. Do I need to do any changes in between?

That's what I've asked here: do I need to do anything other than docker compose up?

dileep9490 commented 4 months ago

@antoineco Thanks, it's working now. I had missed this command: docker container attach logstash. Thanks for the help 🙂

antoineco commented 4 months ago

Glad it helped!

I'm sorry if my original comment wasn't clear enough. I tried to express the fact that compose up was only tailing logs but not attaching here: https://github.com/deviantony/docker-elk/issues/981#issuecomment-2088118369

My assumption is that there is nothing redirected or piped to Logstash's standard input. This is expected because compose up isn't interactive (it doesn't attach to the containers' stdin).