Warning in Logstash
1. WARN:
[WARN ][logstash.monitoringextension.pipelineregisterhook] xpack.monitoring.enabled has not been defined, but found elasticsearch configuration. Please explicitly set `xpack.monitoring.enabled: true` in logstash.ymlWhy?: This warning is self explanatory, we have to update the logstash lonf file with `xpack.monitoring.enabled: true`
2. WARN:
[WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>”http://101.101.101.1:9200/"}Why? : Yet to find
3. WARN:
[WARN ][logstash.licensechecker.licensereader] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}Why? The types in indices are deprecated since version 6 of the stack, and will be remove in the v7. See this article 77 for further details.
In short, you should remove the lines type => "Value" and add a field instead (or a metadata field).
Then in your output you just have to check the value of this field to select the output.
4. WARN:
[WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge] A gauge metric of an unknown type (org.jruby.specialized.RubyArrayOneObject) has been create for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.Why?
On Linux
sincedb_path => “/dev/null”On Windows
sincedb_path => "NUL"5. WARN:
[WARN ][logstash.outputs.elasticsearch] You are using a deprecated config setting "document_type" set in elasticsearch. Deprecated settings will continue to work, but are scheduled for removal from logstash in the future. Document types are being deprecated in Elasticsearch 6.0, and removed entirely in 7.0. You should avoid this feature If you have any questions about this, please visit the #logstash channel on freenode irc. {:name=>"document_type", :plugin=><LogStash::Outputs::ElasticSearch bulk_path=>"/_monitoring/bulk?system_id=logstash&system_api_version=7&interval=1s", hosts=>[http://101.101.101.9:9200], sniffing=>false, manage_template=>false, id=>"1ad0352239a75a46e73b56a1c7691b4c748b7c40b6e31bf6e6398fb5349314e7", document_type=>"%{[@metadata][document_type]}", enable_metric=>true, codec=><LogStash::Codecs::Plain id=>"plain_650a9488-5233-446e-be25-81ba0dde8ff1", enable_metric=>true, charset=>"UTF-8">, workers=>1, template_name=>"logstash", template_overwrite=>false, doc_as_upsert=>false, script_type=>"inline", script_lang=>"painless", script_var_name=>"event", scripted_upsert=>false, retry_initial_interval=>2, retry_max_interval=>64, retry_on_conflict=>1, ilm_enabled=>"auto", ilm_rollover_alias=>"logstash", ilm_pattern=>"{now/d}-000001", ilm_policy=>"logstash-policy", action=>"index", ssl_certificate_verification=>true, sniffing_delay=>5, timeout=>60, pool_max=>1000, pool_max_per_route=>100, resurrect_delay=>5, validate_after_inactivity=>10000, http_compression=>false>}Why? If you are using Logstash 6.3+, this may be coming from the Monitoring pipeline, where we still specify the document type for backward-compatibility reasons. When 7.0 rolls out, the version of the Monitoring pipeline that ships with it will no longer specify this deprecated field and the warning will go away on its own.
6. WARN
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/logstash/logstash-core/lib/jars/jruby-complete-9.2.8.0.jar) to field java.io.FileDescriptor.fd
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use — illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Thread.exclusive is deprecated, use Thread::Mutex