(Conditional – Intelligence) Getting Logstash to Running State when Using Self-signed Certificates

In an AWS deployment of Intelligence, when data is ingested, the Logstash pod enters into a CrashLoopBackOff state from a Running state. This issue occurs if you have configured OMT in the cloud (AWS) environments with self-signed certificates.

Perform the following steps:

  1. Connect to Bastion.

  2. Execute the following command to scale down the Logstash nodes:

    kubectl -n $(kubectl get namespaces | grep arcsight | cut -d ' ' -f1) scale statefulset interset-logstash --replicas=0			
  3. Execute the following command to modify the logstash-config-pipeline configmap:

    kubectl -n $(kubectl get namespaces | grep arcsight | cut -d ' ' -f1) edit configmaps logstash-config-pipeline
  4. Update the value of the verify_mode field from "verify_peer" to "verify_none".

  5. Save the configmap.

  6. Execute the following command to scale up the Logstash nodes:

    kubectl -n $(kubectl get namespaces | grep arcsight | cut -d ' ' -f1) scale statefulset interset-logstash --replicas=<number_of_replicas>