(Conditional – Intelligence) Getting Logstash to Running State when Using Self-signed Certificates
In an AWS deployment of Intelligence, when data is ingested, the Logstash pod enters into a CrashLoopBackOff state from a Running state. This issue occurs if you have configured OMT in the cloud (AWS) environments with self-signed certificates.
Perform the following steps:
-
Connect to Bastion.
-
Execute the following command to scale down the Logstash nodes:
kubectl -n $(kubectl get namespaces | grep arcsight | cut -d ' ' -f1) scale statefulset interset-logstash --replicas=0
-
Execute the following command to modify the logstash-config-pipeline configmap:
kubectl -n $(kubectl get namespaces | grep arcsight | cut -d ' ' -f1) edit configmaps logstash-config-pipeline
-
Update the value of the verify_mode field from "verify_peer" to "verify_none".
-
Save the configmap.
-
Execute the following command to scale up the Logstash nodes:
kubectl -n $(kubectl get namespaces | grep arcsight | cut -d ' ' -f1) scale statefulset interset-logstash --replicas=<number_of_replicas>