Failed to Load StackTraceElementMixIn

[johnhydemtm365]

Description Hi there, I am trying to use this appender to ship our logs up to elastic search father than file based as we are running the site in a docker container.

No forgive my lack of knowledge as I am a c# dev, not a java dev, so struggling a little.

We use maven to build out site, which is a bloomreach CMS application. I have updated the dependancies section of the pom with the required config and the log4j2 xml file.

Now I am using this as is, so if the docs say use it I am otherwise I am not, so thats all I have done.

We already use log4j2 for the various components anyway.

When the site starts up I am seeing this error in the tomcat logs:

java.lang.IllegalAccessError: tried to access class org.apache.logging.log4j.core.jackson.StackTraceElementMixIn from class org.apache.logging.log4j.core.jackson.ExtendedLog4j2JsonModule at org.apache.logging.log4j.core.jackson.ExtendedLog4j2JsonModule.setupModule(ExtendedLog4j2JsonModule.java:39) at com.fasterxml.jackson.databind.ObjectMapper.registerModule(ObjectMapper.java:808) at org.apache.logging.log4j.core.jackson.ExtendedLog4j2JsonModule.applyTo(ExtendedLog4j2JsonModule.java:54) at org.appenders.log4j2.elasticsearch.JacksonJsonLayout$Builder.configureModules(JacksonJsonLayout.java:191) at org.appenders.log4j2.elasticsearch.JacksonJsonLayout$Builder.createConfiguredWriter(JacksonJsonLayout.java:163) at org.appenders.log4j2.elasticsearch.JacksonJsonLayout$Builder.createConfiguredWriter(JacksonJsonLayout.java:149) at org.appenders.log4j2.elasticsearch.JacksonJsonLayout$Builder.build(JacksonJsonLayout.java:143) at org.appenders.log4j2.elasticsearch.JacksonJsonLayout$Builder.build(JacksonJsonLayout.java:99) at org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.build(PluginBuilder.java:123) at org.apache.logging.log4j.core.config.AbstractConfiguration.createPluginObject(AbstractConfiguration.java:959) at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:899) at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:891) at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:891) at org.apache.logging.log4j.core.config.AbstractConfiguration.doConfigure(AbstractConfiguration.java:514) at org.apache.logging.log4j.core.config.AbstractConfiguration.initialize(AbstractConfiguration.java:238) at org.apache.logging.log4j.core.config.AbstractConfiguration.start(AbstractConfiguration.java:250) at org.apache.logging.log4j.core.LoggerContext.setConfiguration(LoggerContext.java:547) at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:619) at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:636) at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:231) at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:153) at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:45) at org.apache.logging.log4j.LogManager.getContext(LogManager.java:194) at org.apache.logging.log4j.spi.AbstractLoggerAdapter.getContext(AbstractLoggerAdapter.java:121) at org.apache.logging.slf4j.Log4jLoggerFactory.getContext(Log4jLoggerFactory.java:43) at org.apache.logging.log4j.spi.AbstractLoggerAdapter.getLogger(AbstractLoggerAdapter.java:46) at org.apache.logging.slf4j.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:29) at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:358) at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:383) at org.hippoecm.hst.site.container.HstContextLoaderListener.(HstContextLoaderListener.java:53) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) at java.lang.reflect.Constructor.newInstance(Constructor.java:423) at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:151) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4607) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5146) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631) at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1831) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) at org.apache.catalina.startup.Catalina.start(Catalina.java:633) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474)

Am I missing something simple, is there a dependency that is missing??

Just for confirmation this is the log4j2 config.

and this is the pom dependancy

org.appenders.log4j log4j2-elasticsearch-jest 1.5.0

The above is at the project level which I assume is correct.

Any help would be greatly appreciated.

Thanks J

[rfoltyns]

This is probably java.security being too restrictive or a simple class loading issue.

Which Log4j2 version are you using? Which Tomcat version are you using? Where are your Log4j2 jars? log4j2-core, log4j2-api, etc. Are they in <TOMCAT_HOME>/lib by any chance? If so, try to put log4j2-elasticsearch-* and appenders-logging jars in there as well and see if it helps.

This problem will be solved in 2.0 (in a few months at least, probably next year) after shading Log4j2 classes into core jar. At the moment, I can't do anything more than recommend to ensure that these jars are loaded by the same classloader.

[rfoltyns]

Could you test it with latest change, please? I just pushed the snapshots to http://oss.sonatype.org/content/repositories/snapshots.

Add the repo to your pom.xml (or other build system equivalent) to get it:

<repositories>
    <repository>
        <id>oss.sonatype.org-snapshot</id>
        <url>http://oss.sonatype.org/content/repositories/snapshots</url>
        <releases>
            <enabled>false</enabled>
        </releases>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
    </repository>
</repositories>

You can also download the relevant jar here

[johnhydemtm365]

Hi, appreciate your quick response. Of course I can test, can I assume I just reference the snapshot version?

Thanks J

On Thu, 4 Mar 2021 at 23:12, Rafal Foltynski notifications@github.com wrote:

Could you test it with latest change https://github.com/rfoltyns/log4j2-elasticsearch/commit/810bbe1aef3e804baad83cf09dbc8d527c79019e, please? I just pushed the snapshots to http://oss.sonatype.org/content/repositories/snapshots.

Add the repo to your pom.xml (or other build system equivalent) to get it:

oss.sonatype.org-snapshot http://oss.sonatype.org/content/repositories/snapshots false true

You can also download the relevant jar here https://oss.sonatype.org/content/repositories/snapshots/org/appenders/log4j/log4j2-elasticsearch-core/1.5.1-SNAPSHOT/log4j2-elasticsearch-core-1.5.1-20210304.230406-1.jar

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/rfoltyns/log4j2-elasticsearch/issues/66#issuecomment-791020379, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH2XYN7KQ5P3NWPRZ77NIFDTCAHW3ANCNFSM4YTT73QQ .

--

John Hyde Technical Operations Manager T: +44 (0) 2380 215 399 | W: themtmagency.com https://themtmagency.com/?utm_source=mtm-email-footer

Facebook https://www.facebook.com/TheMTMAgency/ | Linkedin https://www.linkedin.com/company/mtmagency/ | Twitter https://twitter.com/themtmagency?lang=en The MTM Agency – Saxon House, Saxon Wharf, Lower York Street Southampton, SO14 5QF

[rfoltyns]

Yes. Version has to be changed from 1.5.0 to 1.5.1-SNAPSHOT and repositories section added to your pom file (Maven will have no clue how to locate these particular snapshots otherwise).

[johnhydemtm365]

Right testing the new snapshot moved things forward, I can now see a log file in kibana! However.....still getting an error in the logs on startup.

[talledLocalContainer] 2021-03-05 08:25:55,466 main ERROR Unable to invoke factory method in class org.appenders.log4j2.elasticsearch.IndexTemplatePlugin for element IndexTemplate: java.lang.IllegalArgumentException: Requested classpath resource was null: classpath:indexTemplate.json java.lang.reflect.InvocationTargetException [INFO] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [INFO] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [INFO] [talledLocalContainer] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [INFO] [talledLocalContainer] at java.lang.reflect.Method.invoke(Method.java:498) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.build(PluginBuilder.java:137) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.createPluginObject(AbstractConfiguration.java:959) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:899) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:891) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:891) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:891) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.doConfigure(AbstractConfiguration.java:514) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.initialize(AbstractConfiguration.java:238) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.config.AbstractConfiguration.start(AbstractConfiguration.java:250) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.LoggerContext.setConfiguration(LoggerContext.java:547) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:619) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:636) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:231) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:153) [INFO] [talledLocalContainer] at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:45) [INFO] [talledLocalContainer] at org.apache.logging.log4j.LogManager.getContext(LogManager.java:194) [INFO] [talledLocalContainer] at org.apache.logging.log4j.spi.AbstractLoggerAdapter.getContext(AbstractLoggerAdapter.java:121) [INFO] [talledLocalContainer] at org.apache.logging.slf4j.Log4jLoggerFactory.getContext(Log4jLoggerFactory.java:43) [INFO] [talledLocalContainer] at org.apache.logging.log4j.spi.AbstractLoggerAdapter.getLogger(AbstractLoggerAdapter.java:46) [INFO] [talledLocalContainer] at org.apache.logging.slf4j.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:29) [INFO] [talledLocalContainer] at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:358) [INFO] [talledLocalContainer] at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:383) [INFO] [talledLocalContainer] at org.hippoecm.hst.site.container.HstContextLoaderListener.(HstContextLoaderListener.java:53) [INFO] [talledLocalContainer] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [INFO] [talledLocalContainer] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [INFO] [talledLocalContainer] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [INFO] [talledLocalContainer] at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [INFO] [talledLocalContainer] at org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:151) [INFO] [talledLocalContainer] at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4607) [INFO] [talledLocalContainer] at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5146) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [INFO] [talledLocalContainer] at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:717) [INFO] [talledLocalContainer] at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:690) [INFO] [talledLocalContainer] at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:705) [INFO] [talledLocalContainer] at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:631) [INFO] [talledLocalContainer] at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1831) [INFO] [talledLocalContainer] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [INFO] [talledLocalContainer] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [INFO] [talledLocalContainer] at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [INFO] [talledLocalContainer] at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:112) [INFO] [talledLocalContainer] at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:526) [INFO] [talledLocalContainer] at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:425) [INFO] [talledLocalContainer] at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1576) [INFO] [talledLocalContainer] at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:309) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366) [INFO] [talledLocalContainer] at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:936) [INFO] [talledLocalContainer] at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [INFO] [talledLocalContainer] at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384) [INFO] [talledLocalContainer] at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374) [INFO] [talledLocalContainer] at java.util.concurrent.FutureTask.run(FutureTask.java:266) [INFO] [talledLocalContainer] at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75) [INFO] [talledLocalContainer] at java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:134) [INFO] [talledLocalContainer] at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:909) [INFO] [talledLocalContainer] at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:262) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [INFO] [talledLocalContainer] at org.apache.catalina.core.StandardService.startInternal(StandardService.java:421) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [INFO] [talledLocalContainer] at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930) [INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183) [INFO] [talledLocalContainer] at org.apache.catalina.startup.Catalina.start(Catalina.java:633) [INFO] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [INFO] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [INFO] [talledLocalContainer] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [INFO] [talledLocalContainer] at java.lang.reflect.Method.invoke(Method.java:498) [INFO] [talledLocalContainer] at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:343) [INFO] [talledLocalContainer] at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:474) [INFO] [talledLocalContainer] Caused by: java.lang.IllegalArgumentException: Requested classpath resource was null: classpath:indexTemplate.json [INFO] [talledLocalContainer] at org.appenders.log4j2.elasticsearch.ResourceUtil.loadClasspathResource(ResourceUtil.java:80) [INFO] [talledLocalContainer] at org.appenders.log4j2.elasticsearch.ResourceUtil.loadResource(ResourceUtil.java:56) [INFO] [talledLocalContainer] at org.appenders.log4j2.elasticsearch.IndexTemplate$Builder.loadSource(IndexTemplate.java:119) [INFO] [talledLocalContainer] at org.appenders.log4j2.elasticsearch.IndexTemplatePlugin.createIndexTemplate(IndexTemplatePlugin.java:65) [INFO] [talledLocalContainer] ... 73 more [INFO] [talledLocalContainer] Caused by: java.lang.IllegalArgumentException: Requested classpath resource was null: classpath:indexTemplate.json [INFO] [talledLocalContainer] at org.appenders.log4j2.elasticsearch.ResourceUtil.loadClasspathResource(ResourceUtil.java:68) [INFO] [talledLocalContainer] ... 76 more [INFO] [talledLocalContainer] [INFO] [talledLocalContainer] 2021-03-05 08:25:55,491 main ERROR Null object returned for IndexTemplate in AsyncBatchDelivery.

With regards to versions Tomcat 9x - not in control of that as its in the base bloomreach CMS build Log4j2 - Not sure and cannot seem to find that version?

I am not adding any faster xml jackson references at the moment....

[johnhydemtm365]

I have a feeling if its like npm or nuget there is no version set for log4j2... just this

org.apache.logging.log4j log4j-core provided

so its using the latest?

[rfoltyns]

You need to provide an indexTemplate.json file in one of your jars in order to tell Elasticsearch how to map Log4j2 LogEvent fields.

You can find examples for all Elasticsearch versions here. indexTemplate-6.json is compatible with ES 5.x and 6.x. Once you package the template file in your jar, delete the index that was created a few minutes ago and restart the CMS app (index templates are applied on index creation)

Log4j2 version is most probably defined in the dependencyManagement section of parent pom. But, since it's making progress, it's probably not relevant anymore.

[rfoltyns]

You can also use an absolute file path instead.

[johnhydemtm365]

Hi, yeah trying to figure this out now...

[johnhydemtm365]

I ended up adding the json to the log4j2 file for now.

Appreciate your help on this

Thanks J

[rfoltyns]

Yeah, that'll work as well.

Given that the class access fix worked, I'll release it in 1.5.1 soon (most probably next week).

[johnhydemtm365]

Awesome. thanks J

[johnhydemtm365]

One quick question, in the index template I have this field, but it keeps coming through as a long...

"@timestamp": { "type": "date", "format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis" },

By the way I am using ES 7.5

Thanks John

On Fri, 5 Mar 2021 at 10:12, Rafal Foltynski notifications@github.com wrote:

Yeah, that'll work as well.

Given that the class access fix worked, I'll release it in 1.5.1 soon (most probably next week).

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/rfoltyns/log4j2-elasticsearch/issues/66#issuecomment-791320138, or unsubscribe https://github.com/notifications/unsubscribe-auth/AH2XYNYMTCBZ32WOOBCPNLTTCCVCHANCNFSM4YTT73QQ .

--

John Hyde Technical Operations Manager T: +44 (0) 2380 215 399 | W: themtmagency.com https://themtmagency.com/?utm_source=mtm-email-footer

Facebook https://www.facebook.com/TheMTMAgency/ | Linkedin https://www.linkedin.com/company/mtmagency/ | Twitter https://twitter.com/themtmagency?lang=en The MTM Agency – Saxon House, Saxon Wharf, Lower York Street Southampton, SO14 5QF

[rfoltyns]

Date column is timeMillis by default. It's of type long to reduce garbage. If you'd like to use @timestamp instead, you can configure it with JacksonMixIn as described here, but with slightly different mixin class

package foo.bar;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import org.apache.logging.log4j.core.LogEvent;

@JsonSerialize(as = LogEvent.class)
public abstract class CustomLogEventMixIn extends ExtendedLogEventJacksonJsonMixIn {

    @JsonProperty("@timestamp")
    @Override
    public abstract long getTimeMillis();

}

If you'd like to have a different format, you can use JacksonMixIn as described here (with a few fixes, follow the issue until the end). I don't recommend this though - log4j2-elasticsearch-jest module generates enough garbage already, log4j2-elasticsearch-hc reduces it by >90%, but that's a topic for a different discussion.

[rfoltyns]

Long story short - mixins determine the shape and content of serialized Log4j2 LogEvent and index template determines how ES will interpret it. Once the first document is in, ES creates an index, applies index template on this index (the one defined by IndexTemplate tag) and then you can create an index pattern in Kibana with date column (timeMillis by default, @timestamp if you want to). Since date column is of type long, index template is there to tell ES that that is the case.

[johnhydemtm365]

Hi, I got it all working locally. Still got two problems. Not related to this but in general. How do I specify a username and password for elastic search as our instance is secure in the cloud?

Also in apache I am seeing this error java.lang.ClassCastException: Cannot cast org.apache.logging.log4j.core.selector.BasicContextSelector to org.apache.logging.log4j.core.selector.ContextSelector

Thoughts?

Appreciate your help.

Any news on the patch going to a minor version rather than a snapshot?

[rfoltyns]

How do I specify a username and password for elastic search as our instance is secure in the cloud?

You need to add XPackAuth config to your Log4j2 configuration. Have a look here

java.lang.ClassCastException: Cannot cast org.apache.logging.log4j.core.selector.BasicContextSelector to org.apache.logging.log4j.core.selector.ContextSelector

No idea. I've never seen that before. Could you post a full stacktrace?

Any news on the patch going to a minor version rather than a snapshot?

Waiting for one more PR. If I don't get any feedback from the contributor, I'll push it myself and release this evening.

[rfoltyns]

If you're using AWS Elasticsearch service you'll not be able to authenticate (AWS service does not send back the WWW-Authenticate header). If that's the case, you'll need to extend a few classes.

If you're running regular ES, should be all good.

[johnhydemtm365]

Awesome, thought I would check as that is what I am using, but it was not working. Have added the dependancy to xpack as well now as well will check later. We are using cloud.io

Apache error, I will figure out.

Waiting for one more PR. If I don't get any feedback from the contributor, I'll push it myself and release this evening. Awesome.

[rfoltyns]

Fixed in 1.5.1

[rfoltyns]

Closing as the issue was fixed.

[rfoltyns]

@johnhydemtm365 Did you manage to setup TLS? Is there anything else I can help you with?