atomita / fluent-plugin-aws-elasticsearch-service

This repository extends https://github.com/uken/fluent-plugin-elasticsearch/ so that it can connect to Amazon Elasticsearch Service using AWS Signers V4. Before you start using it, please check the requirements for connecting to Amazon Elasticsearch Service without AWS Signers V4. (reference https://groups.google.com/forum/#!msg/fluentd/uW87VAOqxeE/cfhenicEBAAJ)

License: MIT License

Ruby 100.00%

fluent-plugin-aws-elasticsearch-service's Introduction

Fluent::AwsElasticsearchServiceOutput

This is an output plugin that posts to "Amazon Elasticsearch Service".

Installation

Add this line to your application's Gemfile:

gem 'fluent-plugin-aws-elasticsearch-service'

Usage

In your fluentd configuration, use type aws-elasticsearch-service.

example:

<source>
  type tail
  format apache
  time_format "%d/%b/%Y:%T %z"
  path "/var/log/nginx/access.log"
  pos_file "/var/log/td-agent/nginx.access.pos"
  tag "es.nginx.access"
</source>

<match es.**>
  type "aws-elasticsearch-service"
  type_name "access_log"
  logstash_format true
  include_tag_key true
  tag_key "@log_name"
  flush_interval 1s

  <endpoint>
    url https://CLUSTER_ENDPOINT_URL
    region eu-west-1
    # access_key_id "secret"
    # secret_access_key "seekret"
  </endpoint>
</match>

IAM

If you do not wish to use credentials in your configuration via the access_key_id and secret_access_key options you should use IAM policies.

The first step is to assign an IAM instance role ROLE to your EC2 instances. Name it appropriately. The role should contain no policy: we're using the possession of the role as the authenticating factor and placing the policy against the ES cluster.

You should then configure the ES cluster's access policy thus, with appropriate substitutions for the capitalized terms:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT:role/ROLE"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-west-1:ACCOUNT:domain/ES_DOMAIN/*"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-west-1:ACCOUNT:domain/ES_DOMAIN/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "1.2.3.4/32",
            "5.6.7.8/32"
          ]
        }
      }
    }
  ]
}

This will allow your fluentd hosts (by virtue of the possession of the role) and any traffic coming from the specified IP addresses (you querying Kibana) to access the various endpoints. Whilst not ideally secure (both the fluentd and Kibana boxes should ideally be restricted to the verbs they require) it should allow you to get up and ingesting logs without anything getting in your way, before you tighten down the policy.
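The tightening mentioned above can be checked mechanically. The following Ruby script is an added example, not part of the plugin: it audits a domain access policy for the two weaknesses the paragraph names (`es:*` on every principal, and an anonymous principal gated only by source IP). The finding names and the sample document, which is the README policy with its placeholders kept, are constructed for illustration.

```ruby
require 'json'

# Constructed sample: the README's permissive domain policy, placeholders kept.
README_POLICY = <<~JSON
  {
    "Version": "2012-10-17",
    "Statement": [
      { "Effect": "Allow",
        "Principal": { "AWS": "arn:aws:iam::ACCOUNT:role/ROLE" },
        "Action": "es:*",
        "Resource": "arn:aws:es:eu-west-1:ACCOUNT:domain/ES_DOMAIN/*" },
      { "Effect": "Allow",
        "Principal": { "AWS": "*" },
        "Action": "es:*",
        "Resource": "arn:aws:es:eu-west-1:ACCOUNT:domain/ES_DOMAIN/*",
        "Condition": { "IpAddress": { "aws:SourceIp": ["1.2.3.4/32", "5.6.7.8/32"] } } }
    ]
  }
JSON

# Hypothetical finding names with the remediation each one points to.
ADVICE = {
  wildcard_action: 'grants every es: action; list only the HTTP verbs needed, e.g. es:ESHttpPost',
  anonymous_unrestricted: 'anyone on the internet can call the domain; add a principal or IP condition',
  anonymous_ip_only: 'requests are unsigned and trusted by source IP alone; keep the CIDRs narrow'
}.freeze

# IAM allows a single value or a list in most fields; normalise to a list.
def as_list(value)
  return [] if value.nil?
  value.is_a?(Array) ? value : [value]
end

# Principal may be the bare string "*" or a map such as {"AWS": ...}.
def principals(statement)
  principal = statement['Principal']
  principal.is_a?(Hash) ? as_list(principal['AWS']) : as_list(principal)
end

# Collect every CIDR listed under an IpAddress / aws:SourceIp condition.
def source_ips(statement)
  ips = []
  (statement['Condition'] || {}).each do |operator, keys|
    next unless operator.downcase == 'ipaddress'
    keys.each { |key, value| ips.concat(as_list(value)) if key.downcase == 'aws:sourceip' }
  end
  ips
end

# Returns [statement_index, finding] pairs for every Allow statement.
def audit_es_policy(policy_json)
  statements = as_list(JSON.parse(policy_json)['Statement'])
  findings = []
  statements.each_with_index do |statement, index|
    next unless statement['Effect'] == 'Allow'
    if as_list(statement['Action']).any? { |action| ['*', 'es:*'].include?(action) }
      findings << [index, :wildcard_action]
    end
    next unless principals(statement).include?('*')
    ips = source_ips(statement)
    # A /0 range is the same as having no IP condition at all.
    if ips.empty? || ips.any? { |ip| ip.end_with?('/0') }
      findings << [index, :anonymous_unrestricted]
    else
      findings << [index, :anonymous_ip_only]
    end
  end
  findings
end

audit_es_policy(README_POLICY).each do |index, finding|
  puts "Statement #{index}: #{finding}: #{ADVICE[finding]}"
end
```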

Additionally, you can use an STS assumed role as the authenticating factor and instruct the plugin to assume this role. This is useful for cross-account access and when assigning a standard role is not possible. The endpoint configuration looks like:

<endpoint>
  url https://CLUSTER_ENDPOINT_URL
  region eu-west-1
  assume_role_arn arn:aws:iam::ACCOUNT:role/ROLE
  assume_role_session_name SESSION_ID # Defaults to fluentd if omitted
  sts_credentials_region us-west-2 # Defaults to region if omitted
</endpoint>

The policy attached to your AWS Elasticsearch cluster then becomes something like:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:sts::ACCOUNT:assumed-role/ROLE/SESSION_ID"
      },
      "Action": "es:*",
      "Resource": "arn:aws:es:eu-west-1:ACCOUNT:domain/ES_DOMAIN/*"
    }
  ]
}

You'll need to ensure that the environment in which the fluentd plugin runs has the capability to assume this role, by attaching a policy something like this to the instance profile:

{
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": "arn:aws:iam::ACCOUNT:role/ROLE"
    }
}

EKS

If you want to use IAM roles for service accounts on Amazon EKS clusters, please refer to the official documentation and specify a Service Account for your fluentd Pod.

Then, the endpoint configuration looks like:

<endpoint>
  url https://CLUSTER_ENDPOINT_URL
  region eu-west-1
  assume_role_arn "#{ENV['AWS_ROLE_ARN']}"
  assume_role_web_identity_token_file "#{ENV['AWS_WEB_IDENTITY_TOKEN_FILE']}"
</endpoint>

Troubleshooting

  • "Elasticsearch::Transport::Transport::Errors::Forbidden" error="[403]" even after verifying the access keys/roles/policies.

    • Ensure you don't have a trailing slash on the endpoint URL in your fluentd configuration file (see CLUSTER_ENDPOINT_URL above).
  • "ElasticsearchIllegalArgumentException[explicit index in bulk is not allowed]"

    • Check that rest.action.multi.allow_explicit is set true on your Amazon ES domain (verify in the console - there's a bug in Terraform, hashicorp/terraform#3980).
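The trailing-slash cause of the 403 above, and the README's earlier advice to avoid keys in the configuration, can both be caught before fluentd starts. This Ruby lint is an added example, not part of the plugin; the finding names and the sample configuration (including its host name) are constructed, and only the `url`, `access_key_id` and `secret_access_key` options shown in this README are inspected.

```ruby
# Constructed sample: one endpoint with both problems, one written as the README recommends.
SAMPLE_CONF = <<~'CONF'
  <match es.**>
    type "aws-elasticsearch-service"
    <endpoint>
      url "https://search-example.eu-central-1.es.amazonaws.com/"
      region "eu-central-1"
      access_key_id "ACCESS_KEY"
      secret_access_key "SECRET_KEY"
    </endpoint>
  </match>
  <match audit.**>
    type "aws-elasticsearch-service"
    <endpoint>
      url https://CLUSTER_ENDPOINT_URL
      region eu-west-1
      # access_key_id "secret"
      assume_role_arn "#{ENV['AWS_ROLE_ARN']}"
    </endpoint>
  </match>
CONF

CREDENTIAL_PARAMS = %w[access_key_id secret_access_key].freeze

# Strip surrounding quotes, or a trailing " # comment" from an unquoted value.
def unquote(value)
  quoted = value.match(/\A(["'])(.*?)\1/)
  quoted ? quoted[2] : value.sub(/\s+#.*\z/, '')
end

# Collect each <endpoint> section with its starting line and its parameters.
# Commented-out lines are skipped, so a disabled credential is not reported.
def endpoint_blocks(conf)
  blocks = []
  current = nil
  conf.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if line == '<endpoint>'
      current = { line: lineno, params: {} }
    elsif line == '</endpoint>'
      blocks << current if current
      current = nil
    elsif current
      key, value = line.split(/\s+/, 2)
      current[:params][key] = unquote(value.to_s)
    end
  end
  blocks
end

# Returns [line_of_endpoint_block, finding, parameter] triples.
def lint_endpoints(conf)
  endpoint_blocks(conf).flat_map do |block|
    params = block[:params]
    findings = []
    # The README's troubleshooting entry: a trailing slash leads to a 403.
    findings << [block[:line], :trailing_slash, 'url'] if params['url'].to_s.end_with?('/')
    CREDENTIAL_PARAMS.each do |name|
      # A value taken from "#{ENV[...]}" is not a literal secret in the file.
      next unless params.key?(name) && !params[name].include?('#{')
      findings << [block[:line], :inline_credential, name]
    end
    findings
  end
end

lint_endpoints(SAMPLE_CONF).each do |line, finding, param|
  puts "endpoint at line #{line}: #{finding} (#{param})"
end
```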

Development

After checking out the repo, run bin/setup to install dependencies. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/atomita/fluent-plugin-aws-elasticsearch-service. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.

fluent-plugin-aws-elasticsearch-service's People

Contributors

ahma, atomita, avikam-pagaya, cosmo0920, csolidum, darwin67, dataich, eksop, evan-s, frsyuki, happysiro, jc89, lobeck, louism517, mananyuki, mariusgrigaitis, mightyguava, thadamski


fluent-plugin-aws-elasticsearch-service's Issues

configuration

In the Readme the config-file is written in ruby.. I'm stuck with configuration of my fluentd env -

<source>
...
</source>

# Include config files in the ./config.d directory
@include /etc/fluentd/conf.d/*.conf

and

root@fluentd:/etc/fluentd/conf.d# vi aws-elasticsearch.conf 

<match "**">
      type "aws-elasticsearch-service"
      logstash_format true
      include_tag_key true
      tag_key "@log_name"
      log_level info

      flush_interval 5s
      buffer_chunk_limit 512K
...

      <endpoint>
        url "https://.....eu-central-1.es.amazonaws.com/"
        region "eu-central-1"
        access_key_id "ACCESS_KEY"
        secret_access_key "SECRET_KEY"
      </endpoint>
    </match>

that should be ok.. but starting agent ...

2015-10-23 09:02:26 +0000 [info]: adding match pattern="\"**\"" type="aws-elasticsearch-service"
/opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-aws-elasticsearch-service-0.1.1/lib/fluent/plugin/out_aws-elasticsearch-service.rb:76: warning: toplevel constant Elasticsearch referenced by Fluent::ElasticsearchOutput::Elasticsearch

Fluentd can't work with Signature Version 4

Problem

Hi all,

I have a problem with the plugin

Fluentd can't work with Signature Version 4

2019-12-24 08:46:50 +0000 [error]: #0 unexpected error error_class=Elasticsearch::Transport::Transport::Errors::Forbidden error="[403] {\"message\":\"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\"}"
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/elasticsearch-transport-6.8.0/lib/elasticsearch/transport/transport/base.rb:205:in __raise_transport_error'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/elasticsearch-transport-6.8.0/lib/elasticsearch/transport/transport/base.rb:323:in perform_request'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/elasticsearch-transport-6.8.0/lib/elasticsearch/transport/transport/http/faraday.rb:20:in perform_request'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/elasticsearch-transport-6.8.0/lib/elasticsearch/transport/client.rb:143:in perform_request'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/elasticsearch-api-6.8.0/lib/elasticsearch/api/actions/info.rb:15:in info'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluent-plugin-elasticsearch-3.5.5/lib/fluent/plugin/out_elasticsearch.rb:335:in detect_es_major_version'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluent-plugin-elasticsearch-3.5.5/lib/fluent/plugin/out_elasticsearch.rb:246:in block in configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluent-plugin-elasticsearch-3.5.5/lib/fluent/plugin/elasticsearch_index_template.rb:35:in retry_operate'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluent-plugin-elasticsearch-3.5.5/lib/fluent/plugin/out_elasticsearch.rb:245:in configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/plugin.rb:164:in configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:130:in add_match'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:72:in block in configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:64:in each'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:64:in configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:150:in configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/engine.rb:131:in configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/engine.rb:96:in run_configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:812:in run_configure'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:558:in block in run_worker'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:741:in main_process'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:554:in run_worker'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/lib/fluent/command/fluentd.rb:330:in <top (required)>'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in require'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/site_ruby/2.4.0/rubygems/core_ext/kernel_require.rb:55:in require'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/lib/ruby/gems/2.4.0/gems/fluentd-1.7.4/bin/fluentd:8:in <top (required)>'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/bin/fluentd:23:in load'
2019-12-24 08:46:50 +0000 [error]: #0 /opt/td-agent/embedded/bin/fluentd:23:in '
2019-12-24 08:46:50 +0000 [info]: Worker 0 finished unexpectedly with status 1
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-aws-elasticsearch-service' version '2.3.0'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '3.5.5'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-kafka' version '0.12.1'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-prometheus' version '1.7.0'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-record-modifier' version '2.0.1'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-rewrite-tag-filter' version '2.2.0'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-s3' version '1.2.1'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-s3' version '1.2.0'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-td' version '1.0.0'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-td-monitoring' version '0.2.4'
2019-12-24 08:46:50 +0000 [info]: gem 'fluent-plugin-webhdfs' version '1.2.4'
2019-12-24 08:46:50 +0000 [info]: gem 'fluentd' version '1.7.4'
2019-12-24 08:46:50 +0000 [info]: adding filter pattern="docker." type="parser"
2019-12-24 08:46:50 +0000 [info]: adding match pattern="docker." type="aws-elasticsearch-service"
2019-12-24 08:46:51 +0000 [info]: #0 'flush_interval' is configured at out side of . 'flush_mode' is set to 'interval' to keep existing behaviour
2019-12-24 08:46:51 +0000 [error]: #0 unexpected error error_class=Elasticsearch::Transport::Transport::Errors::Forbidden error="[403] {"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."}"
td-agent 1.7.4

Is shard configuration possible while creating index

Question

Is there any property or something which I can use to set up index shards, like the number of shards for an index?

Expected Behavior or What you need to ask

<match **>
   @type aws-elasticsearch-service
   @id out_aws_es
   @log_level debug
   include_tag_key true
   <endpoint>
     url "#{ENV['ELASTICSEARCH_ENDPOINT']}"
     region "#{ENV['ELASTICSEARCH_REGION']}"
   </endpoint>
   logstash_format 'true'
   index_name  'logstash'
   type_name 'fluentd'

   shard_count 1  <----- looking for this flag.
   
</match>

Passing custom headers

Hi,
Is there a config to pass custom request headers to elastic search? I need to pass API key as a request header to elastic search api gateway.

Thanks,
Vishnu Tej

Require faraday_middleware in new install

Trying to install in docker image and getting

/opt/td-agent/embedded/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- faraday_middleware (LoadError)
    from /opt/td-agent/embedded/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-aws-elasticsearch-service-0.0.3/lib/fluent/plugin/out_aws-elasticsearch-service.rb:6:in `<top (required)>'
    from /opt/td-agent/embedded/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /opt/td-agent/embedded/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin.rb:148:in `block in try_load_plugin'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin.rb:146:in `each'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin.rb:146:in `try_load_plugin'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin.rb:106:in `new_impl'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin.rb:57:in `new_output'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin/out_copy.rb:41:in `block in configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin/out_copy.rb:34:in `each'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/plugin/out_copy.rb:34:in `configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/agent.rb:127:in `add_match'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/agent.rb:60:in `block in configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/agent.rb:54:in `each'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/agent.rb:54:in `configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/root_agent.rb:82:in `configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/engine.rb:93:in `configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/engine.rb:77:in `run_configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:457:in `run_configure'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:141:in `block in start'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:306:in `call'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:306:in `main_process'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:281:in `block in supervise'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:280:in `fork'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:280:in `supervise'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/supervisor.rb:137:in `start'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/command/fluentd.rb:167:in `<top (required)>'
    from /opt/td-agent/embedded/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:73:in `require'
    from /opt/td-agent/embedded/lib/ruby/site_ruby/2.1.0/rubygems/core_ext/kernel_require.rb:73:in `require'
    from /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/bin/fluentd:6:in `<top (required)>'
    from /opt/td-agent/embedded/bin/fluentd:23:in `load'
    from /opt/td-agent/embedded/bin/fluentd:23:in `<top (required)>'
    from /usr/sbin/td-agent:7:in `load'
    from /usr/sbin/td-agent:7:in `<main>'

I was using the general install command for fluentd

td-agent-gem install fluent-plugin-aws-elasticsearch-service

thoughts?

Multiple read timeout reached errors

Could not push logs to Elasticsearch, resetting connection and trying again. read timeout reached

Getting loads of this. Any idea what could be wrong? The AWS ES Cluster Status is GREEN.

I have

resurrect_after -1
reload_on_failure true
reload_connections false

Please release latest version

Problem

I want to gem install fluent-plugin-aws-elasticsearch-service and get the latest version because it supports fluent-plugin-elasticsearch>=4, but this version is not yet available on Ruby gems.

Steps to replicate

$ gem install fluent-plugin-aws-elasticsearch-service:2.3.0
$ gem list | grep -i elastic
...
fluent-plugin-aws-elasticsearch-service (2.3.0)
fluent-plugin-elasticsearch (3.8.0)

Expected Behavior or What you need to ask

Please release the latest version on Ruby gems :-)

Using Fluentd and ES plugin versions

I am using Docker image fluent/fluentd:v1.11.0-1.0 and running gem install fluent-plugin-aws-elasticsearch-service.

OS version:

$ uname -a
Linux 3dacadfd4385 4.19.76-linuxkit #1 SMP Tue May 26 11:42:35 UTC 2020 x86_64 Linux

FluentD version:

$ fluentd --version
fluentd 1.11.0

Nothing inserted when using filter parser

When I use a parser, nothing is inserted in my ES index.

Example based on an "Activities" table with many "Sessions".
config:

<source>
  type postgres_replicator
  host "#{ENV['POSGRESQL_HOST']}"
  port "#{ENV['POSGRESQL_PORT']}"
  username "#{ENV['POSGRESQL_USER']}"
  password "#{ENV['POSGRESQL_PASSWORD']}"
  database "#{ENV['POSGRESQL_DB']}"
  sql SELECT "Activities"."id", "Activities"."name", json_object_agg("Sessions"."date", "Sessions"."status") as rawSessions FROM "Activities" INNER JOIN "Sessions" on "Activities"."id" = "Sessions"."activityId" GROUP BY "Activities"."id"  primary_keys id
  primary_keys id
  interval 1m
  tag replicator.pipeline.Activities.${event}.${primary_keys}
</source>
<filter replicator.pipeline.Activities.**>
  @type parser
  format json
  key_name rawSessions
  hash_value_field sessions
  reserve_data true
</filter>
<filter replicator.pipeline.Activities.**>
  @type record_transformer
  remove_keys rawSessions
</filter>
<match replicator.pipeline.Activities.**>
  @type elasticsearch
  user  "#{ENV['ES_USER']}"
  password "#{ENV['ES_PASSWORD']}"
  host "#{ENV['ES_HOST']}"
  scheme https
  index_name myindex
  type_name activities

  id_key id
  time_key updatedAt
  logstash_format false
  scheme https
  port "#{ENV['ES_PORT']}"
</match>

This one works fine

<source>
  type postgres_replicator
  host "#{ENV['POSGRESQL_HOST']}"
  port "#{ENV['POSGRESQL_PORT']}"
  username "#{ENV['POSGRESQL_USER']}"
  password "#{ENV['POSGRESQL_PASSWORD']}"
  database "#{ENV['POSGRESQL_DB']}"
  sql SELECT "Activities"."id", "Activities"."name", json_object_agg("Sessions"."date", "Sessions"."status") as rawSessions FROM "Activities" INNER JOIN "Sessions" on "Activities"."id" = "Sessions"."activityId" GROUP BY "Activities"."id"  primary_keys id
  primary_keys id
  interval 1m
  tag replicator.pipeline.Activities.${event}.${primary_keys}
</source>
<filter replicator.pipeline.Activities.**>
  @type parser
  format json
  key_name rawSessions
  hash_value_field sessions
  reserve_data true
</filter>
<filter replicator.pipeline.Activities.**>
  @type record_transformer
  remove_keys rawSessions
</filter>
<match replicator.pipeline.Activities.**>
  @type stdout
</match>

This one also works.

<source>
  type postgres_replicator
  host "#{ENV['POSGRESQL_HOST']}"
  port "#{ENV['POSGRESQL_PORT']}"
  username "#{ENV['POSGRESQL_USER']}"
  password "#{ENV['POSGRESQL_PASSWORD']}"
  database "#{ENV['POSGRESQL_DB']}"
  sql SELECT "Activities"."id", "Activities"."name", json_object_agg("Sessions"."date", "Sessions"."status") as rawSessions FROM "Activities" INNER JOIN "Sessions" on "Activities"."id" = "Sessions"."activityId" GROUP BY "Activities"."id"  primary_keys id
  primary_keys id
  interval 1m
  tag replicator.pipeline.Activities.${event}.${primary_keys}
</source>
<filter replicator.pipeline.Activities.**>
  @type record_transformer
  remove_keys rawSessions
</filter>
<match replicator.pipeline.Activities.**>
  @type elasticsearch
  user  "#{ENV['ES_USER']}"
  password "#{ENV['ES_PASSWORD']}"
  host "#{ENV['ES_HOST']}"
  scheme https
  index_name myindex
  type_name activities

  id_key id
  time_key updatedAt
  logstash_format false
  scheme https
  port "#{ENV['ES_PORT']}"
</match>

The problem occurs only when I'm using the parser with the elasticsearch output.
There is no log, even in debug, that gives a clue to the problem.

Error starting FluentD

Problem

When I start the fluentD with this plugin, I get an error
2021-08-06 16:36:11 +0000 [info]: gem 'fluentd' version '1.13.3'
2021-08-06T16:36:12.215656300Z /usr/local/bundle/gems/fluent-plugin-aws-elasticsearch-service-2.4.1/lib/fluent/plugin/out_aws-elasticsearch-service.rb:144:in `include': wrong argument type Class (expected Module) (TypeError)
2021-08-06T16:36:12.215693000Z 	from /usr/local/bundle/gems/fluent-plugin-aws-elasticsearch-service-2.4.1/lib/fluent/plugin/out_aws-elasticsearch-service.rb:144:in `<module:Client>'
2021-08-06T16:36:12.215695800Z 	from /usr/local/bundle/gems/fluent-plugin-aws-elasticsearch-service-2.4.1/lib/fluent/plugin/out_aws-elasticsearch-service.rb:143:in `<module:Elasticsearch>'
2021-08-06T16:36:12.215698000Z 	from /usr/local/bundle/gems/fluent-plugin-aws-elasticsearch-service-2.4.1/lib/fluent/plugin/out_aws-elasticsearch-service.rb:141:in `<class:ElasticsearchOutput>'
2021-08-06T16:36:12.215710700Z 	from /usr/local/bundle/gems/fluent-plugin-aws-elasticsearch-service-2.4.1/lib/fluent/plugin/out_aws-elasticsearch-service.rb:140:in `<module:Plugin>'
2021-08-06T16:36:12.215712900Z 	from /usr/local/bundle/gems/fluent-plugin-aws-elasticsearch-service-2.4.1/lib/fluent/plugin/out_aws-elasticsearch-service.rb:9:in `<top (required)>'
2021-08-06T16:36:12.215714900Z 	from /usr/local/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require'
2021-08-06T16:36:12.215716600Z 	from /usr/local/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require'
2021-08-06T16:36:12.215718300Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/registry.rb:102:in `block in search'
2021-08-06T16:36:12.215720000Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/registry.rb:99:in `each'
2021-08-06T16:36:12.215721700Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/registry.rb:99:in `search'
2021-08-06T16:36:12.215723400Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/registry.rb:44:in `lookup'
2021-08-06T16:36:12.215725100Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/plugin.rb:160:in `new_impl'
2021-08-06T16:36:12.215726700Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/plugin.rb:109:in `new_output'
2021-08-06T16:36:12.215728500Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/agent.rb:130:in `add_match'
2021-08-06T16:36:12.215730200Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/agent.rb:74:in `block in configure'
2021-08-06T16:36:12.215731900Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/agent.rb:64:in `each'
2021-08-06T16:36:12.215733600Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/agent.rb:64:in `configure'
2021-08-06T16:36:12.215736000Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/root_agent.rb:146:in `configure'
2021-08-06T16:36:12.215737800Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/engine.rb:105:in `configure'
2021-08-06T16:36:12.215739400Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/engine.rb:80:in `run_configure'
2021-08-06T16:36:12.215741100Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/supervisor.rb:663:in `run_supervisor'
2021-08-06T16:36:12.215742900Z 	from /usr/local/bundle/gems/fluentd-1.13.3/lib/fluent/command/fluentd.rb:344:in `<top (required)>'
2021-08-06T16:36:12.215744800Z 	from /usr/local/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require'
2021-08-06T16:36:12.215746800Z 	from /usr/local/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require'
2021-08-06T16:36:12.215748600Z 	from /usr/local/bundle/gems/fluentd-1.13.3/bin/fluentd:15:in `<top (required)>'
2021-08-06T16:36:12.215750300Z 	from /usr/local/bundle/bin/fluentd:23:in `load'
2021-08-06T16:36:12.215751900Z 	from /usr/local/bundle/bin/fluentd:23:in `<main>'

Steps to replicate

I'm using this Dockerfile:
FROM fluent/fluentd:edge-debian

USER root
RUN ["gem", "install", "fluent-plugin-aws-elasticsearch-service"]
RUN ["gem", "install", "fluent-plugin-record-modifier"]
RUN ["gem", "install", "fluent-plugin-http-healthcheck"]
RUN ["apt-get", "update"]
RUN ["apt-get", "-y", "install", "curl"]

HEALTHCHECK --interval=30s --timeout=3s CMD curl -v http://localhost:8888 || exit 1

COPY entrypoint.sh /bin/

USER fluent

Provide example config and message

<match gelf-logging>
  @type "aws-elasticsearch-service"
  type_name "access_log"
  logstash_format true
  include_tag_key true
  tag_key "@log_name"
  logstash_prefix dummy
  templates { "dummy": "/fluentd/etc/dummy.json" }
  flush_interval 10s

  <endpoint>
    url "https://myElasticSearchInAws.eu-central-1.es.amazonaws.com"
    region "eu-central-1"
  </endpoint>
</match>

Expected Behavior or What you need to ask

I expect the application to start normally
...

Using Fluentd and ES plugin versions

Everything was provided in the error

Error Starting Fluentd

Problem

The fluentd container would not be able to start, with the following errors
Screenshot 2021-09-22 at 5 43 01 PM
...

Steps to replicate

FROM bitnami/fluentd:1.14.0

RUN fluent-gem install 'fluent-plugin-aws-elasticsearch-service' -v 2.4.1

Expected Behavior or What you need to ask

Fluentd to start correctly
...

Using Fluentd and ES plugin versions

Fluentd: v1.14.0 fluent-plugin-aws-elasticsearch-service: v 2.4.1

Connection to AWS ElasticSearch is broken when using AWS credentials

Hi there.

I think this recent change is breaking the connection to the AWS ElasticSearch service.

I'm getting the following error in the /var/log/td-agent/td-agent.log.

2016-06-21 23:12:01 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-06-21 23:48:15 +0000 error_class="NameError" error="undefined local variable or method `access_key' for #<Fluent::AwsElasticsearchServiceOutput:0x007f5fc36fb9c0>" plugin_id="object:3fafe1b7dce0"
  2016-06-21 23:12:01 +0000 [warn]: suppressed same stacktrace

As the error is saying, there's no such thing as access_key defined anywhere and I believe that is the same for secret_key too.

Keep getting `explicit index in bulk is not allowed`

2016-05-12 12:44:22 +0100 [info]: Connection opened to Elasticsearch cluster => {:host=>"search-fluentd-aggregated-logs-xxxx.eu-west-1.es.amazonaws.com", :port=>443, :scheme=>"https", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id="xxxx">, :region=>"eu-west-1"}}
2016-05-12 12:44:22 +0100 [warn]: temporarily failed to flush the buffer. next_retry=2016-05-12 12:44:23 +0100 error_class="Elasticsearch::Transport::Transport::Errors::BadRequest" error="[400] {\"error\":\"ElasticsearchIllegalArgumentException[explicit index in bulk is not allowed]\",\"status\":400}" plugin_id="object:3fe50cdd5884"
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.17/lib/elasticsearch/transport/transport/base.rb:201:in `__raise_transport_error'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.17/lib/elasticsearch/transport/transport/base.rb:312:in `perform_request'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.17/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.17/lib/elasticsearch/transport/client.rb:128:in `perform_request'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-api-1.0.17/lib/elasticsearch/api/actions/bulk.rb:88:in `bulk'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.4.0/lib/fluent/plugin/out_elasticsearch.rb:236:in `send'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.4.0/lib/fluent/plugin/out_elasticsearch.rb:229:in `write'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/buffer.rb:345:in `write_chunk'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/buffer.rb:324:in `pop'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/output.rb:329:in `try_flush'
  2016-05-12 12:44:22 +0100 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/output.rb:140:in `run'
2016-05-12 12:44:23 +0100 [warn]: temporarily failed to flush the buffer. next_retry=2016-05-12 12:44:25 +0100 error_class="Elasticsearch::Transport::Transport::Errors::BadRequest" error="[400] {\"error\":\"ElasticsearchIllegalArgumentException[explicit index in bulk is not allowed]\",\"status\":400}" plugin_id="object:3fe50cdd5884"
  2016-05-12 12:44:23 +0100 [warn]: suppressed same stacktrace
2016-05-12 12:44:25 +0100 [warn]: temporarily failed to flush the buffer. next_retry=2016-05-12 12:44:29 +0100 error_class="Elasticsearch::Transport::Transport::Errors::BadRequest" error="[400] {\"error\":\"ElasticsearchIllegalArgumentException[explicit index in bulk is not allowed]\",\"status\":400}" plugin_id="object:3fe50cdd5884"
  2016-05-12 12:44:25 +0100 [warn]: suppressed same stacktrace
2016-05-12 12:44:29 +0100 [warn]: temporarily failed to flush the buffer. next_retry=2016-05-12 12:44:37 +0100 error_class="Elasticsearch::Transport::Transport::Errors::BadRequest" error="[400] {\"error\":\"ElasticsearchIllegalArgumentException[explicit index in bulk is not allowed]\",\"status\":400}" plugin_id="object:3fe50cdd5884"
  2016-05-12 12:44:29 +0100 [warn]: suppressed same stacktrace

Error pushing "payload logs" to ElasticSearch

Hi

I have 2 different matches to push to AWS ElasticSearch, one for audit logs and the other for payloads.
When I configure audit logs, it works fine, but when I configure payloads, I get the following result repeatedly:

2016-10-20 18:26:18 +0000 [info]: reading config file path="/fluentd/etc/custom.conf"
2016-10-20 18:26:18 +0000 [info]: starting fluentd-0.12.28
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-mixin-config-placeholders' version '0.4.0'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-aws-elasticsearch-service' version '0.1.6'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-concat' version '0.6.2'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '1.6.0'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-kinesis' version '1.1.1'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-parser' version '0.6.1'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-record-reformer' version '0.8.2'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-s3' version '0.7.1'
2016-10-20 18:26:18 +0000 [info]: gem 'fluent-plugin-systemd' version '0.0.4'
2016-10-20 18:26:18 +0000 [info]: gem 'fluentd' version '0.12.28'
2016-10-20 18:26:18 +0000 [info]: adding filter pattern="*.**" type="record_transformer"
2016-10-20 18:26:18 +0000 [info]: adding match pattern="service_audit" type="copy"
2016-10-20 18:26:18 +0000 [info]: adding match pattern="service_payload" type="copy"
2016-10-20 18:26:18 +0000 [info]: adding match pattern="fluent.**" type="copy"
2016-10-20 18:26:18 +0000 [info]: adding source type="forward"
2016-10-20 18:26:18 +0000 [info]: using configuration file: <ROOT>
  <filter *.**>
    @type record_transformer
    <record>
      product_name service
      environment_tag intqa102
      region us-east-1
      hostname ip-10-185-73-159.nonprod.xyz-aws.io
    </record>
  </filter>
  <source>
    @type forward
    port 24224
  </source>
  <match service_audit>
    type copy
    <store>
      @type s3
      s3_bucket prd00000280.open_platform_logs.nonprod1.us-east-1.xyz-aws
      path service/intqa102/audit/
      buffer_path /fluentd/log/s3_buffer_audit
      s3_object_key_format %{path}application_log_ip-10-185-73-159.nonprod.xyz-aws.io_%{time_slice}_%{index}.%{file_extension}
      s3_region us-east-1
      storage_class REDUCED_REDUNDANCY
      time_slice_format %Y%m%d%H
      utc 
      format json
      include_time_key true
      flush_at_shutdown true
    </store>
  </match>
  <match service_payload>
    type copy
    <store>
      @log_level debug
      @type aws-elasticsearch-service
      type_name payload_log
      logstash_format true
      logstash_prefix intqa102
      include_tag_key true
      tag_key @log_name
      time_key_format %FT%T.%L%z
      flush_interval 5s
      <endpoint>
        url http://logs.open.platform.nonprod1.nonprod-xyz-aws.io:80
        region us-east-1
      </endpoint>
    </store>
    <store>
      @type s3
      s3_bucket prd00000280.open_platform_logs.nonprod1.us-east-1.xyz-aws
      path service/intqa102/payload/
      buffer_path /fluentd/log/s3_buffer_payload
      s3_object_key_format %{path}payload_log_ip-10-185-73-159.nonprod.xyz-aws.io_%{time_slice}_%{index}.%{file_extension}
      s3_region us-east-1
      storage_class REDUCED_REDUNDANCY
      time_slice_format %Y%m%d%H
      utc 
      format json
      include_time_key true
      flush_at_shutdown true
    </store>
  </match>
  <match fluent.**>
    type copy
    <store>
      @type stdout
    </store>
    <store>
      @type s3
      s3_bucket prd00000280.open_platform_logs.nonprod1.us-east-1.xyz-aws
      path service/intqa102/fluent/
      buffer_path /fluentd/log/s3_buffer_fluent
      s3_object_key_format %{path}fluent_log_ip-10-185-73-159.nonprod.xyz-aws.io_%{time_slice}_%{index}.%{file_extension}
      s3_region us-east-1
      storage_class REDUCED_REDUNDANCY
      time_slice_format %Y%m%d%H
      utc 
      format json
      include_time_key true
      flush_at_shutdown true
    </store>
  </match>
</ROOT>

2016-10-20 18:26:19 +0000 [info]: listening fluent socket on 0.0.0.0:24224
2016-10-20 18:28:19 +0000 [info]: Connection opened to Elasticsearch cluster => {:host=>"logs.open.platform.nonprod1.nonprod-xyz-aws.io", :port=>80, :scheme=>"http", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id="BSIEG3OXZUHFJVASPPEB">, :region=>"us-east-1"}}
2016-10-20 18:28:19 +0000 fluent.info: {"message":"Connection opened to Elasticsearch cluster => {:host=>\"logs.open.platform.nonprod1.nonprod-xyz-aws.io\", :port=>80, :scheme=>\"http\", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id=\"BSIEG3OXZUHFJVASPPEB\">, :region=>\"us-east-1\"}}","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:20 +0000 [warn]: Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)
2016-10-20 18:28:20 +0000 fluent.warn: {"message":"Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:22 +0000 [info]: Connection opened to Elasticsearch cluster => {:host=>"logs.open.platform.nonprod1.nonprod-xyz-aws.io", :port=>80, :scheme=>"http", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id="BSIEG3OXZUHFJVASPPEB">, :region=>"us-east-1"}}
2016-10-20 18:28:22 +0000 fluent.info: {"message":"Connection opened to Elasticsearch cluster => {:host=>\"logs.open.platform.nonprod1.nonprod-xyz-aws.io\", :port=>80, :scheme=>\"http\", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id=\"BSIEG3OXZUHFJVASPPEB\">, :region=>\"us-east-1\"}}","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:22 +0000 [warn]: Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)
2016-10-20 18:28:22 +0000 fluent.warn: {"message":"Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:26 +0000 [info]: Connection opened to Elasticsearch cluster => {:host=>"logs.open.platform.nonprod1.nonprod-xyz-aws.io", :port=>80, :scheme=>"http", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id="BSIEG3OXZUHFJVASPPEB">, :region=>"us-east-1"}}
2016-10-20 18:28:26 +0000 fluent.info: {"message":"Connection opened to Elasticsearch cluster => {:host=>\"logs.open.platform.nonprod1.nonprod-xyz-aws.io\", :port=>80, :scheme=>\"http\", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id=\"BSIEG3OXZUHFJVASPPEB\">, :region=>\"us-east-1\"}}","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:26 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-10-20 18:28:20 +0000 error_class="Fluent::ElasticsearchOutput::ConnectionFailure" error="Could not push logs to Elasticsearch after 2 retries. Broken pipe (Errno::EPIPE)" plugin_id="object:d37f0c"
  2016-10-20 18:28:26 +0000 [warn]: /var/lib/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.6.0/lib/fluent/plugin/out_elasticsearch.rb:333:in `rescue in send'
  2016-10-20 18:28:26 +0000 [warn]: /var/lib/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.6.0/lib/fluent/plugin/out_elasticsearch.rb:323:in `send'
  2016-10-20 18:28:26 +0000 [warn]: /var/lib/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.6.0/lib/fluent/plugin/out_elasticsearch.rb:308:in `write'
  2016-10-20 18:28:26 +0000 [warn]: /var/lib/gems/2.1.0/gems/fluentd-0.12.28/lib/fluent/buffer.rb:354:in `write_chunk'
  2016-10-20 18:28:26 +0000 [warn]: /var/lib/gems/2.1.0/gems/fluentd-0.12.28/lib/fluent/buffer.rb:333:in `pop'
  2016-10-20 18:28:26 +0000 [warn]: /var/lib/gems/2.1.0/gems/fluentd-0.12.28/lib/fluent/output.rb:338:in `try_flush'
  2016-10-20 18:28:26 +0000 [warn]: /var/lib/gems/2.1.0/gems/fluentd-0.12.28/lib/fluent/output.rb:149:in `run'
2016-10-20 18:28:26 +0000 fluent.warn: {"next_retry":"2016-10-20 18:28:20 +0000","error_class":"Fluent::ElasticsearchOutput::ConnectionFailure","error":"Could not push logs to Elasticsearch after 2 retries. Broken pipe (Errno::EPIPE)","plugin_id":"object:d37f0c","message":"temporarily failed to flush the buffer. next_retry=2016-10-20 18:28:20 +0000 error_class=\"Fluent::ElasticsearchOutput::ConnectionFailure\" error=\"Could not push logs to Elasticsearch after 2 retries. Broken pipe (Errno::EPIPE)\" plugin_id=\"object:d37f0c\"","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:26 +0000 [warn]: Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)
2016-10-20 18:28:26 +0000 fluent.warn: {"message":"Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:28 +0000 [info]: Connection opened to Elasticsearch cluster => {:host=>"logs.open.platform.nonprod1.nonprod-xyz-aws.io", :port=>80, :scheme=>"http", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id="BSIEG3OXZUHFJVASPPEB">, :region=>"us-east-1"}}
2016-10-20 18:28:28 +0000 fluent.info: {"message":"Connection opened to Elasticsearch cluster => {:host=>\"logs.open.platform.nonprod1.nonprod-xyz-aws.io\", :port=>80, :scheme=>\"http\", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id=\"BSIEG3OXZUHFJVASPPEB\">, :region=>\"us-east-1\"}}","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:28 +0000 [warn]: Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)
2016-10-20 18:28:28 +0000 fluent.warn: {"message":"Could not push logs to Elasticsearch, resetting connection and trying again. Broken pipe (Errno::EPIPE)","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}
2016-10-20 18:28:32 +0000 [info]: Connection opened to Elasticsearch cluster => {:host=>"logs.open.platform.nonprod1.nonprod-xyz-aws.io", :port=>80, :scheme=>"http", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id="BSIEG3OXZUHFJVASPPEB">, :region=>"us-east-1"}}
2016-10-20 18:28:32 +0000 fluent.info: {"message":"Connection opened to Elasticsearch cluster => {:host=>\"logs.open.platform.nonprod1.nonprod-xyz-aws.io\", :port=>80, :scheme=>\"http\", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id=\"BSIEG3OXZUHFJVASPPEB\">, :region=>\"us-east-1\"}}","product_name":"service","environment_tag":"intqa102","region":"us-east-1","hostname":"ip-10-185-73-159.nonprod.xyz-aws.io"}

Can you please help with this issue?

Thanks
Guillaume

Unable to activate faraday_middleware-aws-sigv4-0.2.5, because faraday-0.15.4 conflicts with faraday (< 0.15, >= 0.9) (Gem::ConflictError)

Problem

td-agent doesn't start

Starting td-agent: /opt/td-agent/embedded/lib/ruby/site_ruby/2.4.0/rubygems/specification.rb:2290:in `raise_if_conflicts': Unable to activate faraday_middleware-aws-sigv4-0.2.5, because faraday-0.15.4 conflicts with faraday (< 0.15, >= 0.9) (Gem::ConflictError)

Steps to replicate

service td-agent start

Expected Behavior or What you need to ask

dependency version change
as-is : faraday_middleware-aws-sigv4-0.2.5
to-be: faraday_middleware-aws-sigv4-0.3.0

Using Fluentd and ES plugin versions

  • OS version
    • Linux ip-10-24-170-25 4.14.104-78.84.amzn1.x86_64 #1 SMP Mon Mar 4 19:19:37 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  • Fluentd version
    • td-agent 1.3.3
  • AWS ES Service plugin version
    • fluent-plugin-aws-elasticsearch-service (2.1.0)
  • IAM policies for AWS ES Service (optional)
  • ES version (optional)

Ignore certificate host mismatch?

Hello. Does the plugin have the capability to ignore a host mismatch in the X.500 cert?

I have different elasticsearch domains for dev and prod. I'd like to have one fluentd conf (actually a docker image) that works in both dev and prod. I'd like to set the endpoint url to a domain name that we can vary in each environment, for example in different DNS zones, or pass in as an --add-host or Environment property to the container.

I tried using a domain (shown below as es.mydomain.com) in the endpoint url, but I'm seeing the following error:

2017-11-06 21:22:27 +0000 [warn]: #0 failed to flush the buffer. retry_time=4 next_retry_seconds=2017-11-06 21:22:27 +0000 chunk="55d570c043428d9eb6051e904e4ab690" error_class=Faraday::SSLError error="hostname \"es.mydomain.com\" does not match the server certificate (OpenSSL::SSL::SSLError)

Any suggestions to ignore the mismatch? Or are there alternate patterns for image portability?

Thanks!
Mark

Unable to send logs to s3 using aws-elasticsearch-plugin - Help!

@type forward @id input_forward
<filter *.**>
@type record_transformer

container_id ${record["container_id"]}

<match *.**>
type aws-elasticsearch-service
logstash_format true
logstash_prefix ${tag[0]}
include_tag_key true
tag_key "Application_name"
flush_interval 5s

<buffer>
  flush_at_shutdown true
  flush_mode immediate
  flush_thread_count 8
  flush_thread_interval 1
  flush_thread_burst_interval 1
  retry_forever true
  retry_type exponential_backoff
</buffer>

    <endpoint>
            url https://vpc-xxxx.us-east-1.es.amazonaws.com
            region us-east-1
            access_key_id "xxxx"
            secret_access_key "xxxx"
    </endpoint>
<match *.**>
type copy

type s3
aws_key_id "xxxxx"
aws_sec_key "xxxx"
s3_bucket "logstream-testbucket"
s3_region "us-east-1"
path logs/
buffer_path /var/log/td-agent/buffer/s3
time_slice_format %Y-%m-%d/%H
time_slice_wait 10m

OS version - Ubuntu 18.04 LTS
td-agent version : 2.5
AWS ES version - 6.8
fluent-plugin-aws-elasticsearch-service (2.1.0)

Does this module support AWS ES 6.0

I'm running fluent-plugin-aws-elasticsearch-service 1.0.0 and fluentd 0.14 configured against aws elasticsearch 2.3 but after upgrade it throws error_class=Elasticsearch::Transport::Transport::Errors::Forbidden error="[403] {"Message":"User: arn:aws:sts::ID:assumed-role/es-dev-write/fluentd is not authorized to perform: es:ESHttpPost on resource: tf-dev-icelandair-es"}

Same config works fine against ES 2.3

Failed to derive xcontent

Hi there,

First, thanks for releasing this plugin.

I was just trying to setup an ES service cluster in AWS, to send my logs there using fluentd and this plugin. For that, I've created a cluster from scratch, which is empty and uses ES 2.3

I've configured the plugin to send logs I'm already sending to other files after parsing them, and I'm seeing the following output in my fluentd console:

2016-07-28 10:02:02 +0000 [warn]: unexpected error while closing on output plugin plugin=Fluent::AwsElasticsearchServiceOutput plugin_id="object:8c7ee0" error_class=Elasticsearch::Transport::Transport::Errors::BadRequest error="[400] {\"error\":{\"root_cause\":[{\"type\":\"parse_exception\",\"reason\":\"Failed to derive xcontent\"}],\"type\":\"parse_exception\",\"reason\":\"Failed to derive xcontent\"},\"status\":400}"

Nothing is being created in my cluster. I've been trying to figure out what this could be. All I can think, is that some ruby library is not compatible with this ES version, but maybe it's another thing.

Thanks, cheers
Miguel

Can We Have Weekly Index creation?

Problem

We currently have a large number of indexes created on a daily basis. Can we have a configuration for creating indexes on a weekly basis, so that we could reduce more index bump out errors?
...

Steps to replicate

Provide example config and message

Expected Behavior or What you need to ask

Currently indexes are created as custom-index-yyyy-mm-dd.
It would be encouraging to have something similar to the below:
Custom-index-yyyy-ww
...

Using Fluentd and ES plugin versions

  • OS version
  • Fluentd v0.12 or v0.14/v1.0
    • paste result of fluentd --version or td-agent --version
  • AWS ES Service plugin version
    • paste boot log of fluentd or td-agent
    • paste result of fluent-gem list, td-agent-gem list or your Gemfile.lock
  • IAM policies for AWS ES Service (optional)
  • ES version (optional)

Parametrizing variables in the config

Greetings,

First off, thank you for a great plugin. This has helped me quite a bit.

The issue I'm raising is to figure out a way to parametrize or variablize the tag into the match function.

I found this plugin: https://github.com/tagomoris/fluent-plugin-forest

It's suggested by the dev of this: https://github.com/uken/fluent-plugin-elasticsearch

When I use the implementation of the forest plugin, nothing gets sent to ElasticSearch. If I don't use the forest plugin, then trying to use 'logstash_prefix ${tag}' gives the index a prefix that's explicitly ${tag}.

Here's a sample of what I'm trying to do with forest:

<match es.**>
  type forest
  subtype copy

  <store>
    type "aws-elasticsearch-service"
    logstash_format true
    logstash_prefix ${tag}
    include_tag_key true
    tag_key "@log_name"
    log_level info
    flush_interval "5s"

    <endpoint>
      url "xxx"
      region "us-east-1"
      access_key_id "xxx"
      secret_access_key "xxx"
    </endpoint>
  </store>
</match>

Any ideas?

Thanks,
Krishna T.

Connection to AWS ElasticSearch will be lost after a certain period of time

Hi,
I'm seeing something like this in the logs recently.

2016-06-30 19:30:53 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-06-30 19:30:54 +0000 error_class="Elasticsearch::Transport::Transport::Error" error="Cannot get new connection from pool." plugin_id="object:3f9e9deeaf04"
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:249:in `perform_request'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/client.rb:128:in `perform_request'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-api-1.0.18/lib/elasticsearch/api/actions/bulk.rb:90:in `bulk'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.5.0/lib/fluent/plugin/out_elasticsearch.rb:278:in `send'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.5.0/lib/fluent/plugin/out_elasticsearch.rb:271:in `write'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/buffer.rb:345:in `write_chunk'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/buffer.rb:324:in `pop'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/output.rb:329:in `try_flush'
  2016-06-30 19:30:53 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.20/lib/fluent/output.rb:140:in `run'
2016-06-30 19:30:54 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-06-30 19:30:56 +0000 error_class="Elasticsearch::Transport::Transport::Error" error="Cannot get new connection from pool." plugin_id="object:3f9e9deeaf04"
  2016-06-30 19:30:54 +0000 [warn]: suppressed same stacktrace

Basically, what this is according to my understanding is that this plugin will lose connection to the AWS ElasticSearch service after 1, 2 days from the start/restart of the td-agent.

There is a Websocket connection duration limit listed here but not sure if it's related.

However, I'm guessing that the connection is closed from the AWS side, but I couldn't find any documents mentioning it. Any ideas why this is happening?

Also, is there a solution to this problem already (besides manually restarting td-agent)? I'm assuming that this plugin is being used elsewhere too.

Match es.** doesn't work

Hello,
it seems like <match es.**> doesn't work and in fact the only match that works is **.
Here's what I have in my config:

<source>
  type tail
  format apache2
  time_format "%d/%b/%Y:%T %z"
  path /var/log/httpd/error_log
  pos_file /var/log/td-agent/apache.error.pos
  tag es.apache.error
</source>

<match es.**>
  type "aws-elasticsearch-service"
  type_name "error_log"
  logstash_format true
  include_tag_key true
  tag_key "@log_name"
  flush_interval 5s

  log_level debug
  buffer_chunk_limit 512K
  max_retry_wait 300

  <endpoint>
    url "https://es-link..."
    region "us-west-1"
    access_key_id "...."
    secret_access_key "....."
  </endpoint>
</match>

Any input appreciated,
Thanks

Change fluent-plugin-elasticsearch dependency to fluent-plugin-opensearch

Problem

The current version will not work with AWS OpenSearch (the new name for AWS ElasticSearch) unless the ElasticSearch dependency is locked to an old one prior to the re-licencing.

Steps to replicate

Use this plugin, without locking the ElasticSearch dependencies, against AWS OpenSearch/ElasticSearch and it will error.

Expected Behavior or What you need to ask

It should work so this plugin should switch to using the fluent-plugin-opensearch.

Unable to start fluentd using this plugin w/ prefer_oj_serializer enabled

Problem

I was hoping to test/enable the oj serializer for better performance; however fluentd refuses to start when I set prefer_oj_serializer true using this plugin. This does not happen with the base plugin, uken/fluent-plugin-elasticsearch.

Steps to replicate

  1. Use Dockerfile and test.conf below, build container: docker build -t fluentd:test .
  2. Run test: docker run --rm -v $(pwd)/test.conf:/etc/fluent/fluent.conf -it fluentd:test -c /etc/fluent/fluent.conf --dry-run
  3. With prefer_oj_serializer false dry run is successful, with prefer_oj_serializer true dry run dumps the traceback below.

traceback

Traceback (most recent call last):
	18: from /usr/bin/fluentd:23:in `<main>'
	17: from /usr/bin/fluentd:23:in `load'
	16: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/bin/fluentd:8:in `<top (required)>'
	15: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:83:in `require'
	14: from /usr/lib/ruby/2.7.0/rubygems/core_ext/kernel_require.rb:83:in `require'
	13: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/command/fluentd.rb:345:in `<top (required)>'
	12: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/supervisor.rb:648:in `run_supervisor'
	11: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/engine.rb:80:in `run_configure'
	10: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/engine.rb:105:in `configure'
	 9: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/root_agent.rb:143:in `configure'
	 8: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/root_agent.rb:143:in `each'
	 7: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/root_agent.rb:143:in `block in configure'
	 6: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/label.rb:31:in `configure'
	 5: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/agent.rb:64:in `configure'
	 4: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/agent.rb:64:in `each'
	 3: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/agent.rb:74:in `block in configure'
	 2: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/agent.rb:132:in `add_match'
	 1: from /usr/lib/ruby/gems/2.7.0/gems/fluentd-1.12.4/lib/fluent/plugin.rb:178:in `configure'
/usr/lib/ruby/gems/2.7.0/gems/fluent-plugin-elasticsearch-5.1.0/lib/fluent/plugin/out_elasticsearch.rb:296:in `configure': uninitialized constant Fluent::Plugin::ElasticsearchOutput::Elasticsearch::API (NameError)

Dockerfile

FROM fluent/fluentd:v1.12.4-1.3

USER root

RUN apk upgrade --update --no-cache \
    && apk add --update --no-cache \
    build-base \
    && apk add --no-cache --update --virtual .build-deps sudo ruby-dev \
    && sudo gem install elasticsearch -v 7.13.3 \
    && sudo gem install fluent-plugin-elasticsearch \
    && sudo gem install fluent-plugin-aws-elasticsearch-service \
    && sudo gem sources --clear-all \
    && apk del .build-deps \
    && rm -rf /var/cache/apk/* \
    && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem

USER fluent

test.conf

<system>
  log_level warn
  root_dir /fluentd/log
</system>

<source>
  @type forward
  @id "in-forward"
  @label @test
  @log_level warn
  port 24224
  bind 0.0.0.0
  add_tag_prefix test
</source>

<label @test>
  <match **>
    @type "aws-elasticsearch-service"
    @id "out-aws-es"
    @log_level warn
    logstash_format true
    logstash_prefix test
    logstash_dateformat %Y-%m-%d
    include_timestamp true
    include_tag_key true
    time_key timestamp
    reconnect_on_error true
    reload_on_failure true
    reload_connections false
    prefer_oj_serializer true
    <endpoint>
      url https://127.0.0.1
      region us-east-2
      assume_role_arn none
    </endpoint>
  </match>
</label>

Expected Behavior or What you need to ask

Can you help me understand...

  1. Is the oj serializer supported by this plugin? Why or why not?
  2. Am I missing something?

Using Fluentd and ES plugin versions

  • Docker fluent/fluentd:v1.12.4-1.3
  • ES plugin fluent-plugin-elasticsearch-5.1.0
  • ES version 7.10

Getting "undefined method `[]`" when using this with ES 6.0 on AWS

Trying to post to an ES 6.0 domain in AWS and getting the following error. I can't find any information on the undefined method `[]` error it's complaining about though. Is there any additional logging I can enable to make debugging this any easier?

2018-03-01 19:20:39 +0000 [info]: #0 fluentd worker is now running worker=0
2018-03-01 19:20:44 +0000 [warn]: #0 failed to flush the buffer. retry_time=0 next_retry_seconds=2018-03-01 19:20:45 +0000 chunk="5665ec1468f652a7261c16755f23a988" error_class=NoMethodError error="undefined method `[]' for nil:NilClass"
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/excon-0.60.0/lib/excon/connection.rb:244:in `request'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/faraday-0.14.0/lib/faraday/adapter/excon.rb:49:in `call'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/faraday_middleware-aws-signers-v4-0.1.1/lib/faraday_middleware/request/aws_signers_v4.rb:41:in `call'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/faraday-0.14.0/lib/faraday/rack_builder.rb:143:in `build_response'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/faraday-0.14.0/lib/faraday/connection.rb:387:in `run_request'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/elasticsearch-transport-6.0.1/lib/elasticsearch/transport/transport/http/faraday.rb:23:in `block in perform_request'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/elasticsearch-transport-6.0.1/lib/elasticsearch/transport/transport/base.rb:262:in `perform_request'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/elasticsearch-transport-6.0.1/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/elasticsearch-transport-6.0.1/lib/elasticsearch/transport/client.rb:131:in `perform_request'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/elasticsearch-api-6.0.1/lib/elasticsearch/api/actions/ping.rb:20:in `ping'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluent-plugin-elasticsearch-2.0.1/lib/fluent/plugin/out_elasticsearch.rb:191:in `client'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluent-plugin-elasticsearch-2.0.1/lib/fluent/plugin/out_elasticsearch.rb:425:in `rescue in send_bulk'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluent-plugin-elasticsearch-2.0.1/lib/fluent/plugin/out_elasticsearch.rb:420:in `send_bulk'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluent-plugin-elasticsearch-2.0.1/lib/fluent/plugin/out_elasticsearch.rb:407:in `write'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluent-plugin-aws-elasticsearch-service-1.0.0/lib/fluent/plugin/out_aws-elasticsearch-service.rb:61:in `write'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.25/lib/fluent/plugin/output.rb:1093:in `try_flush'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.25/lib/fluent/plugin/output.rb:1318:in `flush_thread_run'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.25/lib/fluent/plugin/output.rb:439:in `block (2 levels) in start'
  2018-03-01 19:20:44 +0000 [warn]: #0 /usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.25/lib/fluent/plugin_helper/thread.rb:78:in `block in thread_create'

Plan for proxy_uri support

Are there any plans to add proxy_uri support for connecting to AWS Elasticsearch through a proxy?

Using example config, queues but never sends logs to Elasticsearch

I'm trying to send my logs using the default example configuration shown here in the logs but it's not working, it just says it's constantly en-queuing but never sends anything out. I installed fluentd from the ruby gem and run it this way: nohup fluentd -c $HOME/fluent/fluent.conf -vv&>$HOME/fluent/logs/fluentd.log&

Here's an example of how I changed my:

<source>
  @type tail
  format apache2
  time_format "%d/%b/%Y:%T %z"
  path "/var/log/httpd/access_log_20180702-190810.log"
  pos_file "/home/ec2-user/fluent/pos/apachev2.access.pos"
  tag "jose.apache.access"
</source>

<match jose.**>
  @type aws-elasticsearch-service
  type_name "access_log"
  logstash_format true
  include_tag_key true
  tag_key "@log_name"
  flush_interval 1s
  <endpoint>
    url "https://myurl.us-east-2.es.amazonaws.com"
    region "us-east-2"
    access_key_id "ACCESS_KEY"
    secret_access_key "SECRET_ACCESS_KEY"
  </endpoint>
</match>

The logs don't show any errors to my understanding, but I do see that it constantly is adding things to a queue but never sends them out.

[ec2-user@ip-10-0-0-xxx logs]$ tail -100 fluentd.log
2018-07-03 13:40:57 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:40:58 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:40:59 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:00 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:01 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:02 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:03 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:04 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:05 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:06 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480
2018-07-03 13:41:07 +0000 [trace]: #0 fluent/log.rb:281:trace: enqueueing all chunks in buffer instance=46954251059480

Query: Will the AWS Elasticsearch plugin support multiple outputs (i.e. S3)?

Problem

Unable to send logs to AWS ES and S3 at the same time, and nothing shows up in the logs. At this point I would like to check: will the AWS ES plugin support S3?

Td-agent version : 2.5.x

Infrastructure > AWS ECS > Fluentd Aggregators (2 instances and load balanced) > ES > Kibana

As we see some lag (5 to 6 minutes) in log processing, I would like to check whether adding another output (like S3) to view the logs would help. Is this the right action to take?

Config :

<source>
  @type forward
  @id input_forward
</source>

<filter *.**>
  @type record_transformer
  <record>
    container_id ${record["container_id"]}
  </record>
</filter>

<match *.**>
  type aws-elasticsearch-service
  logstash_format true
  logstash_prefix ${tag[0]}
  include_tag_key true
  tag_key "Application_name"
  flush_interval 5s

  <buffer>
    flush_at_shutdown true
    flush_mode immediate
    flush_thread_count 8
    flush_thread_interval 1
    flush_thread_burst_interval 1
    retry_forever true
    retry_type exponential_backoff
  </buffer>

  <endpoint>
    url https://vpc-xxxx.aws.amazon.com
    region us-east-1
    access_key_id "xxxxxxxxxxxxxxxx"
    secret_access_key "xxxxxxxxxxxxxxxxxxxx"
  </endpoint>
</match>

  • OS version - Ubuntu 18.04 LTS
    td-agent version : 2.5
  • AWS ES version - 6.8
  • fluent-plugin-aws-elasticsearch-service (2.1.0)

Getting "ArgumentError" on docker

Hello.

I'm trying to post to an ES 6.4 domain in AWS using the fluentd container on Docker, but I'm getting the following error.
What is wrong?

docker-fluentd |   <source>
docker-fluentd |     @type forward
docker-fluentd |     port 24224
docker-fluentd |     bind "0.0.0.0"
docker-fluentd |   </source>
docker-fluentd |   <match docker.docker-nginx.**>
docker-fluentd |     @type aws-elasticsearch-service
docker-fluentd |     type_name "access_log"
docker-fluentd |     logstash_format true
docker-fluentd |     include_tag_key true
docker-fluentd |     tag_key "@log_name"
docker-fluentd |     flush_interval 1s
docker-fluentd |     <endpoint>
docker-fluentd |       url "https://search-**************************.ap-northeast-1.es.amazonaws.com"
docker-fluentd |       region "ap-northeast-1"
docker-fluentd |     </endpoint>
docker-fluentd |     <buffer>
docker-fluentd |       flush_interval 1s
docker-fluentd |     </buffer>
docker-fluentd |   </match>
docker-fluentd | </ROOT>
docker-fluentd | 2019-03-03 14:51:14 +0000 [info]: starting fluentd-1.3.3 pid=6 ruby="2.5.2"
docker-fluentd | 2019-03-03 14:51:14 +0000 [info]: spawn command to main:  cmdline=["/usr/bin/ruby", "-Eascii-8bit:ascii-8bit", "/usr/bin/fluentd", "-c", "/fluentd/etc/fluent.conf", "-p", "/fluentd/plugins", "--under-supervisor"]
docker-fluentd | 2019-03-03 14:51:15 +0000 [info]: gem 'fluent-plugin-aws-elasticsearch-service' version '2.0.0'
docker-fluentd | 2019-03-03 14:51:15 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '3.3.0'
docker-fluentd | 2019-03-03 14:51:15 +0000 [info]: gem 'fluentd' version '1.3.3'
docker-fluentd | 2019-03-03 14:51:15 +0000 [info]: adding match pattern="docker.docker2-nginx.**" type="aws-elasticsearch-service"
docker-fluentd | 2019-03-03 14:51:16 +0000 [info]: #0 'flush_interval' is configured at out side of <buffer>. 'flush_mode' is set to 'interval' to keep existing behaviour
docker-fluentd | 2019-03-03 14:51:16 +0000 [error]: #0 unexpected error error_class=ArgumentError error="wrong number of arguments (given 1, expected 0)"
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-aws-elasticsearch-service-2.0.0/lib/fluent/plugin/out_aws-elasticsearch-service.rb:34:in `get_connection_options'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.3.0/lib/fluent/plugin/out_elasticsearch.rb:353:in `client'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.3.0/lib/fluent/plugin/elasticsearch_index_template.rb:36:in `rescue in retry_operate'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.3.0/lib/fluent/plugin/elasticsearch_index_template.rb:34:in `retry_operate'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.3.0/lib/fluent/plugin/out_elasticsearch.rb:238:in `configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/plugin.rb:164:in `configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/agent.rb:130:in `add_match'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/agent.rb:72:in `block in configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/agent.rb:64:in `each'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/agent.rb:64:in `configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/root_agent.rb:112:in `configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/engine.rb:131:in `configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/engine.rb:96:in `run_configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/supervisor.rb:795:in `run_configure'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/supervisor.rb:548:in `block in run_worker'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/supervisor.rb:724:in `main_process'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/supervisor.rb:544:in `run_worker'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/lib/fluent/command/fluentd.rb:316:in `<top (required)>'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.3.3/bin/fluentd:8:in `<top (required)>'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/bin/fluentd:23:in `load'
docker-fluentd |   2019-03-03 14:51:16 +0000 [error]: #0 /usr/bin/fluentd:23:in `<main>'
docker-fluentd | 2019-03-03 14:51:16 +0000 [info]: Worker 0 finished unexpectedly with status 1

Incidentally, the following is my Dockerfile for the fluentd image.

FROM fluent/fluentd:v1.3.3-onbuild-1.0

# Use root account to use apk
USER root

# below RUN includes plugin as examples elasticsearch is not required
# you may customize including plugins as you wish
RUN apk add --no-cache --update --virtual .build-deps \
        sudo build-base ruby-dev
RUN sudo gem install \
        fluent-plugin-elasticsearch \
        fluent-plugin-aws-elasticsearch-service \
    && sudo gem sources --clear-all \
    && apk del .build-deps \
    && rm -rf /home/fluent/.gem/ruby/2.5.0/cache/*.gem

USER fluent

Fluentd-Elasticsearch helm chart

I stumbled across this post as I was troubleshooting an issue I was having with the fluentd-elasticsearch daemonset. I used Helm to install it onto my cluster. I updated the chart with a kube2iam annotation that assigns the pod an IAM role that allows it to post to my ES cluster. However, when I try to specify the role in the ES access policy I see the following in the fluentd logs:

2018-12-21 05:41:18 +0000 [warn]: [elasticsearch] failed to flush the buffer. retry_time=12 next_retry_seconds=2018-12-21 05:41:51 +0000 chunk="57d81ab28c5dc9c86e0e22f1c7e44525" error_class=Elasticsearch::Transport::Transport::Errors::Forbidden error="[403] {\"Message\":\"User: anonymous is not authorized to perform: es:ESHttpPost\"}"

When I exec into the container and curl the metadata endpoint, I can see that the pod is getting the role I've assigned to it, but I still can't seem to post to ES.

My access policy looks like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "role-arn"
      },
      "Action": [
        "es:ESHttpPost",
        "es:ESHttpPut"
      ],
      "Resource": "resource-arn/domain/<domain-name>/*"
    }
  ]
}

Do I need to add something to the configmap that the chart creates in order for fluentd to use the role assigned to the pod?

Release v1.0.0

If no fatal issue is reported on v1.0.0-alpha, we will release it on October 29.

refs: #32

Dynamic configuration

Is it possible for the plugin to use a dynamic configuration?

For example, have the match pattern of fluentd specify a type name in elasticsearch? The Fluentd elasticsearch plugin (which this plugin extends?) allows this to happen.

I've had a play around with the source and have not successfully been able to get it working with the dynamic plugin, but I'm not a ruby dev. Does anyone know if this is possible or am I just shooting in the dark?

Many thanks!

This plugin is not compatible with other plugins using the latest elasticsearch gems

Problem

This plugin relies on the elasticsearch, elasticsearch-api & elasticsearch-transport gems and only works when these are locked to versions that predate the Elastic licence changes. This makes this plugin incompatible with other plugins that require the latest version of any of these Elasticsearch gems.

I'd like to see these gems forked from the pre Elastic licence change versions, specifically to support the AWS Elasticsearch Service (if not already done), and then referenced from this plugin instead of the current gems. I'd propose aws-elasticsearch, aws-elasticsearch-api & aws-elasticsearch-transport with the caveat that my Ruby knowledge is pretty basic.

Steps to replicate

Install this plugin without constraining the Elasticsearch gem versions.

Expected Behavior or What you need to ask

This plugin should work alongside the fluent-plugin-elasticsearch using the latest Elasticsearch gems.

Using Fluentd and ES plugin versions

n/a

How can I set the _type from the tag?

Hello.

I'd like to send in the _type dynamically based on the tag, as in:

<match **>
@type aws-elasticsearch-service
type_name ${tag}
...
</match>

but the literal ${tag} shows in the _type field in Kibana.

Are there any variables that work there?

Also tried setting the following:

include_tag_key true
tag_key "_type"

but that didn't work.

Suggestions?

Thanks!
Mark

Unable to handle ElasticSearch "RequestEntityTooLarge" error correctly

Hi,

We receive the following error when pushing a "chunk" to ElasticSearch:

2017-07-18 10:11:32 +0000 [warn]: failed to flush the buffer. plugin_id="object:15aa644" retry_time=10 next_retry=2017-07-18 10:20:36 +0000 chunk="554949b8663b0bd8416988071dcd1bf3" error_class=Elasticsearch::Transport::Transport::Errors::RequestEntityTooLarge error="[413] {\"Message\":\"Request size exceeded 10485760 bytes\"}"

017-07-18 10:11:32 +0000 [debug]: chunk taken back instance=22660880 chunk_id="554949b8663b0bd8416988071dcd1bf3" metadata=#<struct Fluent::Plugin::Buffer::Metadata timekey=nil, tag="kubernetes.var.lib.rkt.pods.run.410d6112-b970-40d7-8b71-c5ee25452c17.stage1.rootfs.opt.stage2.hyperkube.rootfs.var.log.containers.service-2066068252-ns9xw_int_service-9058641f27539563ca400a4c1507ef500c48a6a2daa60d0b9330f0fd9c91b63e.log", variables=nil>

What happens next is that the plugin retries to deliver this chunk indefinitely and doesn't ever "move past it" and continue processing "chunks" which are not "too large".

Therefore, this effectively blocks any progress and logs are not ending up in our ElasticSearch cluster with no functional difference to FluentD being "down".

The plugin should not "retry" the "chunk" in this scenario as there is almost no chance that the ElasticSearch cluster will lift its "max payload" limits.

I would expect the plugin to:

  • Log this as an "error" not a "warning"?
  • If the plugin receives this error back from ES, write the "chunk" to disk somewhere (dead letter queue?) and "move on"

We are also looking at filtering out very large log entries before they hit the plugin.
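
The blocked-chunk condition described in this report can be detected from the fluentd log itself. The Ruby script below is an added example, not code from the plugin or from the reporter: its function names are hypothetical and its log lines are constructed in the format quoted above. It flags chunks whose flush keeps failing with a 4xx status that resending the same chunk cannot fix.

```ruby
# Added example: find chunks that fluentd keeps retrying although the
# Elasticsearch endpoint answered with a status that a resend cannot fix.
# All names here are hypothetical; the log lines are constructed samples.

# key=value pairs as fluentd prints them: values are bare or double-quoted,
# and quoted values may contain backslash-escaped quotes (the JSON error body).
FIELD = /(\w+)=(?:"((?:\\.|[^"\\])*)"|(\S+))/

# 4xx means the request itself was rejected (413 too large, 403 not
# authorized). 408 and 429 are left out because they can clear on retry.
def permanent_status?(status)
  status.between?(400, 499) && ![408, 429].include?(status)
end

# Returns a hash for a "failed to flush the buffer" line, nil for any other line.
def parse_flush_failure(line)
  return nil unless line.include?("failed to flush the buffer")

  fields = {}
  line.scan(FIELD) { |key, quoted, bare| fields[key] = quoted || bare }
  status = fields["error"].to_s[/\A\[(\d{3})\]/, 1]
  {
    chunk: fields["chunk"],
    retry_time: fields["retry_time"].to_i,
    error_class: fields["error_class"],
    status: status && status.to_i
  }
end

# Groups permanent failures by chunk id, counting how often each chunk was
# resent and the highest retry_time seen for it.
def stuck_chunks(log_text)
  stuck = {}
  log_text.each_line do |line|
    event = parse_flush_failure(line)
    next if event.nil? || event[:chunk].nil? || event[:status].nil?
    next unless permanent_status?(event[:status])

    entry = stuck[event[:chunk]] ||= {
      status: event[:status], error_class: event[:error_class],
      failures: 0, max_retry_time: 0
    }
    entry[:failures] += 1
    entry[:max_retry_time] = [entry[:max_retry_time], event[:retry_time]].max
  end
  stuck
end

# Constructed sample input (chunk ids and plugin ids are placeholders).
SAMPLE_LOG = <<~'LOG'
  2017-07-18 10:02:30 +0000 [warn]: failed to flush the buffer. plugin_id="object:constructed" retry_time=9 next_retry=2017-07-18 10:11:32 +0000 chunk="constructed-chunk-0001" error_class=Elasticsearch::Transport::Transport::Errors::RequestEntityTooLarge error="[413] {\"Message\":\"Request size exceeded 10485760 bytes\"}"
  2017-07-18 10:05:00 +0000 [warn]: failed to flush the buffer. plugin_id="object:constructed" retry_time=1 next_retry=2017-07-18 10:05:02 +0000 chunk="constructed-chunk-0002" error_class=Elasticsearch::Transport::Transport::Errors::InternalServerError error="[500] {\"message\":null}"
  2017-07-18 10:11:32 +0000 [warn]: failed to flush the buffer. plugin_id="object:constructed" retry_time=10 next_retry=2017-07-18 10:20:36 +0000 chunk="constructed-chunk-0001" error_class=Elasticsearch::Transport::Transport::Errors::RequestEntityTooLarge error="[413] {\"Message\":\"Request size exceeded 10485760 bytes\"}"
  2017-07-18 10:12:00 +0000 [warn]: failed to flush the buffer. plugin_id="object:constructed" retry_time=12 next_retry=2017-07-18 10:12:33 +0000 chunk="constructed-chunk-0003" error_class=Elasticsearch::Transport::Transport::Errors::Forbidden error="[403] {\"Message\":\"User: anonymous is not authorized to perform: es:ESHttpPost\"}"
  2017-07-18 10:12:01 +0000 [info]: constructed line that is not a flush failure
LOG

if __FILE__ == $PROGRAM_NAME
  stuck_chunks(SAMPLE_LOG).each do |chunk, info|
    puts "#{chunk}: HTTP #{info[:status]} (#{info[:error_class]}), " \
         "#{info[:failures]} failed flushes, retry_time up to #{info[:max_retry_time]}"
  end
end
```

The 500 response is deliberately not reported, since a retry of that chunk can still succeed.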

unable to sign request without credentials set when role-arn is provided to plugin

Problem

I get "unable to sign request without credentials set" with role-arn. I tried with the right role ARN, but it is only working fine with access_key_id and secret_access_key.

I'm trying to send logs from k8s to AWS Elasticsearch and I see fluentd logs with error_class=Aws::Errors::MissingCredentialsError error="unable to sign request without credentials set"
...

Steps to replicate

I used the example https://github.com/aws-samples/amazon-eks-fluent-logging-examples/tree/mainline/examples/aggregator-to-amazon-elasticsearch to create filebeat, fluentd and publish logs to elastic search.

I create env variables with AWS creds and yet I see the above error in fluentd logs.

            - name: AWS_IAM_ROLE_ARN
              value: "arn:aws:iam::***:role/test-role"
          url "#{ENV['AWS_ES_URL']}"
          region "#{ENV['AWS_ES_REGION']}"
          assume_role_arn "#{ENV['AWS_IAM_ROLE_ARN']}"
2021-07-17 16:00:18 +0000 [error]: #0 unexpected error error_class=Aws::Errors::MissingCredentialsError error="unable to sign request without credentials set"
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/signature_v4.rb:72:in `sign_request'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/signature_v4.rb:112:in `apply_signature'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/signature_v4.rb:65:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/transfer_encoding.rb:26:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/helpful_socket_errors.rb:10:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/retry_errors.rb:177:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/query/handler.rb:28:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/user_agent.rb:13:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/endpoint_pattern.rb:28:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/endpoint_discovery.rb:78:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/seahorse/client/plugins/endpoint.rb:45:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/param_validator.rb:24:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/seahorse/client/plugins/raise_response_errors.rb:14:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/jsonvalue_converter.rb:20:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/idempotency_token.rb:17:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/param_converter.rb:24:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/plugins/response_paging.rb:10:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/seahorse/client/plugins/response_target.rb:23:in `call'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/seahorse/client/request.rb:70:in `send_request'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-sts/client.rb:603:in `assume_role'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/assume_role_credentials.rb:49:in `refresh'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/refreshing_credentials.rb:20:in `initialize'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/aws-sdk-core-3.72.1/lib/aws-sdk-core/assume_role_credentials.rb:40:in `initialize'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-aws-elasticsearch-service-2.2.0/lib/fluent/plugin/out_aws-elasticsearch-service.rb:115:in `new'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-aws-elasticsearch-service-2.2.0/lib/fluent/plugin/out_aws-elasticsearch-service.rb:115:in `sts_credential_provider'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-aws-elasticsearch-service-2.2.0/lib/fluent/plugin/out_aws-elasticsearch-service.rb:89:in `block in credentials'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-aws-elasticsearch-service-2.2.0/lib/fluent/plugin/out_aws-elasticsearch-service.rb:107:in `inspect'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/redacted.rb:58:in `inspect'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/redacted.rb:58:in `redact'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/redacted.rb:52:in `block in redacted_string'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/redacted.rb:51:in `each'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/redacted.rb:51:in `reduce'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/redacted.rb:51:in `redacted_string'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/redacted.rb:36:in `inspect'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/transport/base.rb:311:in `rescue in perform_request'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/transport/base.rb:258:in `perform_request'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/transport/http/faraday.rb:24:in `perform_request'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-transport-7.3.0/lib/elasticsearch/transport/client.rb:152:in `perform_request'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/elasticsearch-api-7.3.0/lib/elasticsearch/api/actions/info.rb:19:in `info'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.5.6/lib/fluent/plugin/out_elasticsearch.rb:341:in `detect_es_major_version'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.5.6/lib/fluent/plugin/out_elasticsearch.rb:248:in `block in configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.5.6/lib/fluent/plugin/elasticsearch_index_template.rb:35:in `retry_operate'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluent-plugin-elasticsearch-3.5.6/lib/fluent/plugin/out_elasticsearch.rb:247:in `configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/plugin.rb:164:in `configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:130:in `add_match'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:72:in `block in configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:64:in `each'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/agent.rb:64:in `configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/label.rb:31:in `configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:147:in `block in configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:147:in `each'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:147:in `configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/engine.rb:131:in `configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/engine.rb:96:in `run_configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:812:in `run_configure'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:558:in `block in run_worker'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:741:in `main_process'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:554:in `run_worker'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/lib/fluent/command/fluentd.rb:330:in `<top (required)>'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/2.5.0/rubygems/core_ext/kernel_require.rb:59:in `require'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/lib/ruby/gems/2.5.0/gems/fluentd-1.7.4/bin/fluentd:8:in `<top (required)>'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/bin/fluentd:23:in `load'
  2021-07-17 16:00:18 +0000 [error]: #0 /usr/bin/fluentd:23:in `<main>'
2021-07-17 16:00:18 +0000 [info]: Worker 0 finished unexpectedly with status 1
2021-07-17 16:00:18 +0000 [info]: gem 'fluent-plugin-aws-elasticsearch-service' version '2.2.0'
2021-07-17 16:00:18 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '3.5.6'
2021-07-17 16:00:18 +0000 [info]: gem 'fluentd' version '1.7.4'
2021-07-17 16:00:18 +0000 [info]: adding match in @ES pattern="kube.var.log.containers.fluent**" type="null"
2021-07-17 16:00:18 +0000 [info]: adding filter in @ES pattern="kube.var.log.containers.apache**" type="parser"
2021-07-17 16:00:18 +0000 [info]: adding match in @ES pattern="**" type="aws-elasticsearch-service"

Expected Behavior or What you need to ask

Logs written to AWS elastic search
...

NoMethodError

2015-11-16 14:56:55 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2015-11-16 14:57:05 +0000 error_class="NoMethodError" error="undefined method `credentials' for nil:NilClass" plugin_id="object:3fc87c3ce914"

I installed this plugin using /opt/td-agent/embedded/fluent-gem install fluent-plugin-aws-elasticsearch-service

Getting intermittent "Internal Server Error"

I'm using fluent-plugin-aws-elasticsearch-service v0.1.6 and the following config:

    type aws-elasticsearch-service
    log_level info
    include_tag_key true
    logstash_format true
    logstash_prefix p15
    buffer_type memory
    buffer_chunk_limit 8m
    buffer_queue_limit 8192
    flush_interval 10s
    retry_limit 10
    disable_retry_limit 
    retry_wait 1s
    max_retry_wait 60s
    num_threads 1
    reload_connections false
    resurrect_after 5
    <endpoint>
      url https://xxxx.us-west-2.es.amazonaws.com
      region xxx
    </endpoint>
  </match>

I'm getting too many "Internal Server Errors". Some retries go through and succeed. Here's the logs:

2016-12-05 23:27:44 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-12-05 23:27:45 +0000 error_class="Elasticsearch::Transport::Transport::Errors::InternalServerError" error="[500] " plugin_id="object:1e5927c"
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:201:in `__raise_transport_error'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:312:in `perform_request'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/client.rb:128:in `perform_request'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-api-1.0.18/lib/elasticsearch/api/actions/ping.rb:20:in `ping'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.7.0/lib/fluent/plugin/out_elasticsearch.rb:146:in `client'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.7.0/lib/fluent/plugin/out_elasticsearch.rb:335:in `rescue in send'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.7.0/lib/fluent/plugin/out_elasticsearch.rb:333:in `send'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.7.0/lib/fluent/plugin/out_elasticsearch.rb:318:in `write'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/buffer.rb:354:in `write_chunk'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/buffer.rb:333:in `pop'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/output.rb:338:in `try_flush'
  2016-12-05 23:27:44 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/output.rb:149:in `run'
2016-12-05 23:27:45 +0000 [info]: Connection opened to Elasticsearch cluster => {:host=>"xxx.es.amazonaws.com", :port=>443, :scheme=>"https", :aws_elasticsearch_service=>{:credentials=>#<Aws::Credentials access_key_id="XXXXXX">, :region=>"us-west-2"}}
2016-12-05 23:27:45 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-12-05 23:27:47 +0000 error_class="Elasticsearch::Transport::Transport::Errors::InternalServerError" error="[500] {\"message\":null}" plugin_id="object:1e5927c"
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:201:in `__raise_transport_error'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/base.rb:312:in `perform_request'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.18/lib/elasticsearch/transport/client.rb:128:in `perform_request'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-api-1.0.18/lib/elasticsearch/api/actions/bulk.rb:90:in `bulk'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.7.0/lib/fluent/plugin/out_elasticsearch.rb:334:in `send'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.7.0/lib/fluent/plugin/out_elasticsearch.rb:318:in `write'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/buffer.rb:354:in `write_chunk'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/buffer.rb:333:in `pop'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/output.rb:338:in `try_flush'
  2016-12-05 23:27:45 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.29/lib/fluent/output.rb:149:in `run'
2016-12-05 23:27:47 +0000 [warn]: retry succeeded. plugin_id="object:1e5927c"
2016-12-05 23:27:55 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-12-05 23:27:56 +0000 error_class="Elasticsearch::Transport::Transport::Errors::InternalServerError" error="[500] {\"message\":null}" plugin_id="object:1e5927c"
  2016-12-05 23:27:55 +0000 [warn]: suppressed same stacktrace
2016-12-05 23:27:56 +0000 [warn]: retry succeeded. plugin_id="object:1e5927c"
2016-12-05 23:28:15 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-12-05 23:28:16 +0000 error_class="Elasticsearch::Transport::Transport::Errors::InternalServerError" error="[500] {\"message\":null}" plugin_id="object:1e5927c"
  2016-12-05 23:28:15 +0000 [warn]: suppressed same stacktrace
2016-12-05 23:28:16 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-12-05 23:28:18 +0000 error_class="Elasticsearch::Transport::Transport::Errors::InternalServerError" error="[500] {\"message\":null}" plugin_id="object:1e5927c"
  2016-12-05 23:28:16 +0000 [warn]: suppressed same stacktrace
2016-12-05 23:28:18 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-12-05 23:28:22 +0000 error_class="Elasticsearch::Transport::Transport::Errors::InternalServerError" error="[500] {\"message\":null}" plugin_id="object:1e5927c"
  2016-12-05 23:28:18 +0000 [warn]: suppressed same stacktrace
2016-12-05 23:28:22 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-12-05 23:28:30 +0000 error_class="Elasticsearch::Transport::Transport::Errors::InternalServerError" error="[500] {\"message\":null}" plugin_id="object:1e5927c"
  2016-12-05 23:28:22 +0000 [warn]: suppressed same stacktrace
2016-12-05 23:28:31 +0000 [warn]: retry succeeded. plugin_id="object:1e5927c"

I'm using fluent-plugin-aws-elasticsearch-service v0.1.6

specifying aws-es index name

specifying index name

In the project below we are able to specify index name

https://github.com/fluent/fluentd-kubernetes-daemonset/blob/master/docker-image/v1.9/debian-elasticsearch7/conf/fluent.conf

I tried to specify the index name in the same lines

<match es.**>
  @type "aws-elasticsearch-service"
  type_name "access_log"
  logstash_format true
  include_tag_key true
  tag_key "@log_name"
  flush_interval 1s
  index_name my-index
</match>

but index-name is not taking effect.

Steps to replicate

<match es.**>
  @type "aws-elasticsearch-service"
  type_name "access_log"
  logstash_format true
  include_tag_key true
  tag_key "@log_name"
  flush_interval 1s
  index_name customname
  <endpoint>
    url "#{ENV['AWS_ES_CLUSTER_ENDPOINT']}"
    region "#{ENV['AWS_ES_CLUSTER_REGION']}"
    access_key_id "#{ENV['AWS_ES_USER_ACCESS_KEY']}"
    secret_access_key "#{ENV['AWS_ES_USER_SECRET_KEY']}"
  </endpoint>
</match>

The index is logstash-* but I wanted it to be customname-*

Expected Behavior or What you need to ask

... Index in aws-es to be customname-*

Using Fluentd and ES plugin versions

  • OS version - Amazon Linux 2
  • Gem file
    'fluent-plugin-aws-elasticsearch-service' version '2.4.0'
    'fluentd' version '1.9.3'
  • AWS ES Service plugin version - 7.4

emit transaction failed: error_class=NoMethodError error="undefined method `full_pack'

Problem

Suddenly, in recent days, td-agent stops sending events via the ES plugin, showing the following for each event in its log file:

2019-08-27 06:57:24 +0000 [warn]: #0 emit transaction failed: error_class=NoMethodError error="undefined method `full_pack' for #<MessagePack::Packer:0x007f3de657dbb0>" location="/opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-1.7.0/lib/fluent/event.rb:63:in `to_msgpack_stream'" tag="**************"

From what I could gather, this did not occur on machines where td-agent --version showed "1.6.3", but did start recently in machines with td-agent showing version 1.7.0. Also, looking at the logs, it showed fluentd 1.7.0 instead of 1.6.3 and fluentd elastic search plugin changed from 3.5.4 to 3.5.5. We do not install the plugin directly, but rather via fluent-plugin-aws-elasticsearch-service.

Steps to replicate

In Ubuntu:

curl -L https://toolbelt.treasuredata.com/sh/install-ubuntu-xenial-td-agent2.sh | sh
td-agent-gem install fluent-plugin-aws-elasticsearch-service

The td-agent conf file is:

<source>
  @type syslog
  tag syslog
</source>

<source> 
  @type tail
  format multiline
  format_firstline /^\d{4}-\d{2}-\d{2}/
  format1 /^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+)\s+\[(?<pid>.+)\]\s+(?<level>[^ ]+)\s+(?<message>.*)/
  time_format %Y-%m-%d %H:%M:%S,%N
  time_key timestamp
  path /var/log/xxxx/x*
  tag xxxx
</source>

<filter **>
  @type record_transformer
  enable_ruby
  remove_keys ["error"]
  <record>
    hostname "#{Socket.gethostname}"
    environment dev
  </record>
</filter>

<match fluent.**>
  @type null
</match>

<match **>
  @type "aws-elasticsearch-service"
  type_name "access_log"
  logstash_format true
  include_tag_key true
  tag_key "@log_name"
  reload_connections false
  flush_interval 1s
  <endpoint>
   url xxxxxxx
   region xxxxx
  </endpoint>
  <secondary>
    @type file
    path /var/log/td-agent/failed_records
  </secondary>
</match>

Expected Behavior or What you need to ask

The error should not be issued, and the event should be emitted correctly to ES.

Using Fluentd and ES plugin versions

  • Ubuntu 18.04
  • td-agent 1.7.0

boot log:

2019-08-27 08:56:08 +0000 [info]: parsing config file is succeeded path="/etc/td-agent/td-agent.conf"
2019-08-27 08:56:08 +0000 [warn]: secondary type should be same with primary one primary="Fluent::TreasureDataLogOutput" secondary="Fluent::Plugin::FileOutput"
2019-08-27 08:56:08 +0000 [info]: using configuration file: <ROOT>
  <source>
    @type syslog
    tag "syslog"
  </source>
  <source>
    @type tail
    format multiline
    format_firstline /^\d{4}-\d{2}-\d{2}/
    format1 /^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+)\s+\[(?<pid>.+)\]\s+(?<level>[^ ]+)\s+(?<message>.*)/
    time_format %Y-%m-%d %H:%M:%S,%N
    time_key timestamp
    path "/var/log/xxxx/x*"
    tag "xxx.xxx"
    <parse>
      time_key timestamp
      time_format %Y-%m-%d %H:%M:%S,%N
      format_firstline /^\d{4}-\d{2}-\d{2}/
      @type multiline
      format1 /^(?<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+)\s+\[(?<pid>.+)\]\s+(?<level>[^ ]+)\s+(?<message>.*)/
    </parse>
  </source>
  <filter **>
    @type record_transformer
    enable_ruby 
    remove_keys ["error"]
    <record>
      hostname 1fffcfd5bb61
      environment staging
    </record>
  </filter>
  <match fluent.**>
    @type null
  </match>
  <match **>
    @type aws-elasticsearch-service
    type_name "access_log"
    logstash_format true
    include_tag_key true
    tag_key "@log_name"
    reload_connections false
    flush_interval 1s
    <endpoint>
      url "xxxxx"
      region "xxxxx"
    </endpoint>
    <secondary>
      @type "file"
      path "/var/log/td-agent/failed_records"
      <buffer time>
        path /var/log/td-agent/failed_records
      </buffer>
    </secondary>
    <buffer>
      flush_interval 1s
    </buffer>
  </match>
</ROOT>
2019-08-27 08:56:08 +0000 [info]: starting fluentd-1.7.0 pid=105 ruby="2.1.10"
2019-08-27 08:56:08 +0000 [info]: spawn command to main:  cmdline=["/opt/td-agent/embedded/bin/ruby", "-Eascii-8bit:ascii-8bit", "/usr/sbin/td-agent", "--log", "/var/log/td-agent/td-agent.log", "--daemon", "/var/run/td-agent/td-agent.pid", "--under-supervisor"]
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-mixin-plaintextformatter' version '0.2.6'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-aws-elasticsearch-service' version '2.1.0'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '3.5.5'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-kafka' version '0.6.1'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-mongo' version '0.8.1'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-rewrite-tag-filter' version '1.5.6'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-s3' version '0.8.5'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-scribe' version '0.10.14'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-td' version '0.10.29'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-td-monitoring' version '0.2.3'
2019-08-27 08:56:08 +0000 [info]: gem 'fluent-plugin-webhdfs' version '0.7.1'
2019-08-27 08:56:08 +0000 [info]: gem 'fluentd' version '1.7.0'
2019-08-27 08:56:08 +0000 [info]: gem 'fluentd' version '0.12.40'
2019-08-27 08:56:08 +0000 [info]: adding match pattern="td.*.*" type="tdlog"
2019-08-27 08:56:08 +0000 [warn]: #0 secondary type should be same with primary one primary="Fluent::TreasureDataLogOutput" secondary="Fluent::Plugin::FileOutput"
2019-08-27 08:56:08 +0000 [info]: adding match pattern="debug.**" type="stdout"
2019-08-27 08:56:08 +0000 [info]: adding source type="forward"
2019-08-27 08:56:08 +0000 [info]: adding source type="http"
2019-08-27 08:56:08 +0000 [info]: adding source type="debug_agent"
2019-08-27 08:56:08 +0000 [info]: #0 starting fluentd worker pid=115 ppid=110 worker=0
2019-08-27 08:56:08 +0000 [info]: #0 listening dRuby uri="druby://127.0.0.1:24230" object="Fluent::Engine" worker=0
2019-08-27 08:56:08 +0000 [info]: #0 listening port port=24224 bind="0.0.0.0"
2019-08-27 08:56:08 +0000 [info]: #0 fluentd worker is now running worker=0

*** LOCAL GEMS ***

actionmailer (4.2.8)
actionpack (4.2.8)
actionview (4.2.8)
activejob (4.2.8)
activemodel (4.2.8)
activerecord (4.2.8)
activesupport (4.2.8)
addressable (2.5.2, 2.5.1)
arel (6.0.4)
aws-eventstream (1.0.3)
aws-partitions (1.206.0)
aws-sdk (2.10.45)
aws-sdk-core (3.64.0, 2.10.45)
aws-sdk-resources (2.10.45)
aws-sigv4 (1.1.0, 1.0.2)
bigdecimal (default: 1.2.4)
bson (4.1.1)
builder (3.2.3)
bundler (1.14.5)
celluloid (0.15.2)
concurrent-ruby (1.1.5)
cool.io (1.5.1)
crass (1.0.2)
diff-lcs (1.3)
dig_rb (1.0.1)
draper (1.4.0)
elasticsearch (7.3.0)
elasticsearch-api (7.3.0)
elasticsearch-transport (7.3.0)
erubis (2.7.0)
excon (0.66.0)
faraday (0.15.4)
faraday_middleware-aws-sigv4 (0.2.4)
fluent-logger (0.7.1)
fluent-mixin-plaintextformatter (0.2.6)
fluent-plugin-aws-elasticsearch-service (2.1.0)
fluent-plugin-elasticsearch (3.5.5)
fluent-plugin-kafka (0.6.1)
fluent-plugin-mongo (0.8.1)
fluent-plugin-rewrite-tag-filter (1.5.6)
fluent-plugin-s3 (0.8.5)
fluent-plugin-scribe (0.10.14)
fluent-plugin-td (0.10.29)
fluent-plugin-td-monitoring (0.2.3)
fluent-plugin-webhdfs (0.7.1)
fluentd (1.7.0, 0.12.40)
fluentd-ui (0.4.4)
font-awesome-rails (4.7.0.1)
globalid (0.4.0)
haml (4.0.7)
haml-rails (0.5.3)
hike (1.2.3)
hirb (0.7.3)
http_parser.rb (0.6.0)
httpclient (2.8.2.4)
i18n (0.8.1)
io-console (default: 0.4.3)
ipaddress (0.8.3)
jbuilder (2.6.3)
jmespath (1.3.1)
jquery-rails (3.1.4)
json (default: 1.8.1)
kramdown (1.13.2)
kramdown-haml (0.0.3)
loofah (2.1.1, 2.0.3)
ltsv (0.1.0)
mail (2.6.4)
mime-types (3.1)
mime-types-data (3.2016.0521)
mini_portile2 (2.3.0, 2.1.0)
minitest (5.10.1, default: 4.7.5)
mixlib-cli (1.7.0)
mixlib-config (2.2.4)
mixlib-log (1.7.1)
mixlib-shellout (2.2.7)
mongo (2.2.7)
msgpack (1.1.0)
multi_json (1.12.1)
multipart-post (2.1.1)
nokogiri (1.8.1)
ohai (6.20.0)
oj (2.18.1)
parallel (1.8.0)
psych (default: 2.0.5)
public_suffix (3.0.0, 2.0.5)
puma (3.8.2)
rack (1.6.5)
rack-test (0.6.3)
rails (4.2.8)
rails-deprecated_sanitizer (1.0.3)
rails-dom-testing (1.0.8)
rails-html-sanitizer (1.0.3)
railties (4.2.8)
rake (default: 10.1.0)
rdoc (default: 4.1.0)
request_store (1.3.2)
ruby-kafka (0.4.2)
ruby-progressbar (1.8.3)
rubyzip (1.2.1, 1.1.7)
sass (3.2.19)
sass-rails (4.0.5)
serverengine (2.1.1)
settingslogic (2.0.9)
sigdump (0.2.4)
sprockets (2.12.4)
sprockets-rails (2.3.3)
string-scrub (0.0.5)
strptime (0.2.3)
sucker_punch (1.0.5)
systemu (2.5.2)
td (0.15.2)
td-client (0.8.85)
td-logger (0.3.27)
test-unit (default: 2.1.10.0)
thor (0.19.4)
thread_safe (0.3.6)
thrift (0.8.0)
tilt (1.4.1)
timers (1.1.0)
tzinfo (2.0.0, 1.2.3)
tzinfo-data (1.2017.2)
uuidtools (2.1.5)
webhdfs (0.8.0)
yajl-ruby (1.3.0)
zip-zip (0.3)

  • ES version (6.x)

gem install fails for fluent-plugin-aws-elasticsearch-service

Hi,

I am building an AMI (with pre-installed fluentd and this plugin). It was working fine for several months. But recently it seems to be broken. I see that dev activity picked up again.

I was using this command
/usr/sbin/td-agent-gem install fluent-plugin-aws-elasticsearch-service

But now it fails with compilation of strptime-0.1.9 and in the corresponding mkmf.log I see gcc trying to compile something. We do not have gcc in our AMI.

Is this expected? Dependency on strptime-0.1.9... is it newly added?

How do I install the latest fluent-plugin-aws-elasticsearch-service ?

As a workaround, I am using this command
/usr/sbin/td-agent-gem install fluent-plugin-aws-elasticsearch-service -v 0.1.6

But I want to use the latest fluent-plugin-aws-elasticsearch-service

no implicit conversion of nil into String

Hi there,

I'm trying to set up this plugin in place of the standard fluent-plugin-elasticsearch for our AWS ES instance, and trying to drop-in-replace this plugin always fails with the error "no implicit conversion of nil into String". I'm having trouble trying to debug it and I was wondering if you could spot anything obvious that I'm doing wrong?

Below are extracts of our td-agent.log:

2016-03-01 10:57:57 +0000 [info]: reading config file path="/etc/td-agent/td-agent.conf"
2016-03-01 10:57:57 +0000 [info]: starting fluentd-0.12.12
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-mixin-config-placeholders' version '0.3.0'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-mixin-plaintextformatter' version '0.2.6'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-aws-elasticsearch-service' version '0.1.4'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-bufferize' version '0.0.1'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-elasticsearch' version '1.0.0'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-mongo' version '0.7.10'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-rewrite-tag-filter' version '1.4.1'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-s3' version '0.5.9'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-scribe' version '0.10.14'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-secure-forward' version '0.3.2'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-slack' version '0.6.2'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-td' version '0.10.27'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-td-monitoring' version '0.2.1'
2016-03-01 10:57:57 +0000 [info]: gem 'fluent-plugin-webhdfs' version '0.4.1'
2016-03-01 10:57:57 +0000 [info]: gem 'fluentd' version '0.12.12'
2016-03-01 10:57:57 +0000 [info]: gem 'fluentd' version '0.10.61'
2016-03-01 10:57:57 +0000 [info]: using configuration file: <ROOT>
...
  # Application logs should go to ElasticSearch
  <match app.**>
  # @type elasticsearch
  # host search-xxxxxxxx.us-east-1.es.amazonaws.com
  # port 443
  # scheme https
  # include_tag_key true
  # tag_key @log_name
  # logstash_format true
  # flush_interval 5s
  # buffer_type file
  # buffer_path /etc/td-agent/buffer-es/
  # buffer_chunk_limit 5m
  # buffer_queue_limit 1024

    @type aws-elasticsearch-service
    include_tag_key true
    tag_key "@log_name"
    flush_interval 5s

    buffer_type file
    buffer_path /etc/td-agent/buffer-es/
    buffer_chunk_limit 5m
    buffer_queue_limit 1024

    <endpoint>
      url https://search-xxxxxxxx.us-east-1.es.amazonaws.com
      region us-east-1
    </endpoint>
  </match>
</ROOT>
2016-03-01 10:57:58 +0000 [info]: listening fluent socket on 0.0.0.0:24224
2016-03-01 10:58:28 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2016-03-01 10:57:59 +0000 error_class="TypeError" error="no implicit conversion of nil into String" plugin_id="object:3feea97bc960"
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.2.20/lib/aws-sdk-core/signers/v4.rb:116:in `+'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.2.20/lib/aws-sdk-core/signers/v4.rb:116:in `signature'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.2.20/lib/aws-sdk-core/signers/v4.rb:106:in `authorization'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/aws-sdk-core-2.2.20/lib/aws-sdk-core/signers/v4.rb:58:in `sign'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-aws-elasticsearch-service-0.1.4/lib/fluent/plugin/out_aws-elasticsearch-service.rb:163:in `sign'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/faraday_middleware-aws-signers-v4-0.1.1/lib/faraday_middleware/request/aws_signers_v4.rb:40:in `call'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.2/lib/faraday/rack_builder.rb:139:in `build_response'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/faraday-0.9.2/lib/faraday/connection.rb:377:in `run_request'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.13/lib/elasticsearch/transport/transport/http/faraday.rb:21:in `block in perform_request'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.13/lib/elasticsearch/transport/transport/base.rb:191:in `call'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.13/lib/elasticsearch/transport/transport/base.rb:191:in `perform_request'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.13/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-transport-1.0.13/lib/elasticsearch/transport/client.rb:119:in `perform_request'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-api-1.0.13/lib/elasticsearch/api/actions/ping.rb:20:in `block in ping'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-api-1.0.13/lib/elasticsearch/api/utils.rb:191:in `__rescue_from_not_found'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/elasticsearch-api-1.0.13/lib/elasticsearch/api/actions/ping.rb:19:in `ping'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.0.0/lib/fluent/plugin/out_elasticsearch.rb:64:in `client'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.0.0/lib/fluent/plugin/out_elasticsearch.rb:171:in `rescue in send'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.0.0/lib/fluent/plugin/out_elasticsearch.rb:169:in `send'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluent-plugin-elasticsearch-1.0.0/lib/fluent/plugin/out_elasticsearch.rb:163:in `write'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/buffer.rb:325:in `write_chunk'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/buffer.rb:304:in `pop'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/output.rb:321:in `try_flush'
  2016-03-01 10:58:28 +0000 [warn]: /opt/td-agent/embedded/lib/ruby/gems/2.1.0/gems/fluentd-0.12.12/lib/fluent/output.rb:140:in `run'

I believed since this plugin (appears to) extend the ES plugin (with a few additional IAM features) it would be simple enough to replace, but I can't work out why this error is being thrown 😢
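
The trace in the report above ends inside the Signature Version 4 signer, at a String `+` in `signature`. The following added example (not from the report, the plugin or aws-sdk; the `Credentials` struct and all function names are hypothetical) shows one condition that produces this exact TypeError, a nil secret key reaching SigV4 signing-key derivation, next to a preflight check that fails with an actionable message and never prints key material.

```ruby
require 'openssl'

# Hypothetical stand-in for whatever object the credential chain returns.
Credentials = Struct.new(:access_key_id, :secret_access_key, :session_token)

class MissingCredentialsError < StandardError; end

def hmac_sha256(key, data)
  OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), key, data)
end

# SigV4 signing-key derivation: each HMAC output keys the next step.
# The first step concatenates "AWS4" with the secret key, so a nil secret
# raises TypeError ("no implicit conversion of nil into String") here.
def signing_key(secret_access_key, date, region, service)
  k_date    = hmac_sha256('AWS4' + secret_access_key, date)
  k_region  = hmac_sha256(k_date, region)
  k_service = hmac_sha256(k_region, service)
  hmac_sha256(k_service, 'aws4_request')
end

# Preflight check: name the missing fields, never echo their values.
def validate_credentials!(creds)
  missing = []
  missing << 'access_key_id' if creds.nil? || creds.access_key_id.to_s.empty?
  missing << 'secret_access_key' if creds.nil? || creds.secret_access_key.to_s.empty?
  return creds if missing.empty?

  raise MissingCredentialsError,
        "no usable AWS credentials (#{missing.join(', ')} unset): " \
        'configure access keys in <endpoint> or attach an IAM role'
end

# Guarded derivation for the Amazon Elasticsearch Service ("es").
def safe_signing_key(creds, date, region, service = 'es')
  validate_credentials!(creds)
  signing_key(creds.secret_access_key, date, region, service)
end

# Log-safe description: shows which fields are set, not what they contain.
def describe_credentials(creds)
  return 'credentials: none resolved' if creds.nil?

  fields = creds.to_h.map { |name, value| "#{name}=#{value.to_s.empty? ? 'unset' : 'set'}" }
  "credentials: #{fields.join(' ')}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; date and region mirror the log above.
  resolved   = Credentials.new('AKIDEXAMPLE', 'constructed-secret-not-real', nil)
  unresolved = Credentials.new(nil, nil, nil)

  puts describe_credentials(resolved)
  puts "signing key bytes: #{safe_signing_key(resolved, '20160301', 'us-east-1').bytesize}"

  begin
    signing_key(unresolved.secret_access_key, '20160301', 'us-east-1', 'es')
  rescue TypeError => e
    puts "unguarded: #{e.class}: #{e.message}"
  end

  begin
    safe_signing_key(unresolved, '20160301', 'us-east-1')
  rescue MissingCredentialsError => e
    puts "guarded:   #{e.message}"
  end
end
```
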

access_key_id is deprecated

DEPRECATION WARNING: called deprecated method `access_key_id' of an Aws::CredentialProvider, use #credentials instead
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-aws-elasticsearch-service-0.1.6/lib/fluent/plugin/out_aws-elasticsearch-service.rb:88:in `inspect'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:207:in `inspect'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:207:in `inspect'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:207:in `block in connection_options_description'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:204:in `map'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:204:in `connection_options_description'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:165:in `client'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:353:in `send_bulk'
/home/fluent/.gem/ruby/2.3.0/gems/fluent-plugin-elasticsearch-1.9.2/lib/fluent/plugin/out_elasticsearch.rb:339:in `write_objects'
/usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.12/lib/fluent/compat/output.rb:521:in `write'
/usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.12/lib/fluent/compat/output.rb:128:in `write'
/usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.12/lib/fluent/plugin/output.rb:1018:in `try_flush'
/usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.12/lib/fluent/plugin/output.rb:1243:in `flush_thread_run'
/usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.12/lib/fluent/plugin/output.rb:401:in `block (2 levels) in start'
/usr/lib/ruby/gems/2.3.0/gems/fluentd-0.14.12/lib/fluent/plugin_helper/thread.rb:78:in `block in thread_create'
