Very Infriquent DNS lookup error #72
Description
Logstash information:
Please include the following information:
- Logstash version: 8.15.2
- Logstash installation source: ZIP
- How is Logstash being run: As Service
- How was the Logstash Plugin installed: Bundeled
JVM
- JVM version (
java -version): Bundeled
OS version: Windows Server 2019
Description of the problem including expected versus actual behavior:
I use Logstash pipelines to write syslog events into files.
If it is important, the number of running pipelines is 40, with about 20kk messages per day; all pipelines look similar to the example.
The daily log rate for the host related to the IP presented in the error message is about 1.5kk messages.
The problem is that the only one message from 1.5kk was written in the file without a properly resolved hostname.
This particular situation also affects other hosts with different log rates, and I also couldn't find any time correlation.
Errors appear randomly during the day, and the only thing I can see is the debug message that you can see below.
I also want to make an accent that the error appeared only once.
I didn't read the plugin code, but according to the plugin settings, the number of attempts must be 10.
Moreover, the couple of nearby messages don't have any problems with DNS resolving.
Provide logs (if relevant):
Related raw text syslog message from the file with IP in the name:
<14>2025-01-13T19:34:38.325Z fab03-host15-esxi.domain.com cooraddb02[2115045]: VigorTransportProcessClientPayload: opID=m2ozhktv-1488982-auto-vwxw-h5:70105063-a3-01-01-01-18-1002 seq=3497160: Receiving GuestStats.SetNotificationTime request.
Nearby messages from the file with the hostname in the name:
<167>2025-01-13T19:34:36.889Z fab03-host15-esxi.i-teco.ru Rhttpproxy: verbose rhttpproxy[2472317] [Originator@6876 sub=Proxy Req 01894] Resolved endpoint : [N7Vmacore4Http16LocalServiceSpecE:0x00000093c6007f70] _serverNamespace = /vpxa action = Allow _port = 8089
<14>2025-01-13T19:34:38.325Z fab03-host15-esxi.i-teco.ru cooraddb02[2115045]: VigorTransport_ServerSendResponse opID=m2ozhktv-1488982-auto-vwxw-h5:70105063-a3-01-01-01-18-1002 seq=3497160: Completed GuestStats request.
<166>2025-01-13T19:34:39.520Z fab03-host15-esxi.i-teco.ru healthd: info healthd[2107306] [Originator@6876 sub=PluginLauncher] Peak requested reservation (MB): 40, Peak requested reservation of children groups (MB): 40
Pipeline config
input {
udp {
port => 1514
}
}
filter {
dns {
action => "replace"
hit_cache_size => 500000
max_retries => 10
reverse => [ "[host]" ]
}
}
output {
file {
codec => line { format => "%{message}" }
path => "E:/logstash/vsi/vsi_file_esxi-syslog/%{[host]}/%{+YYYY-MM-dd-HH}.log"
}
}
DNS Lookup Error
[2025-01-13T19:34:39,528][DEBUG][logstash.filters.dns ][vsi_file_esxi-syslog][cd747fa238b4bd56cad0d70056414defa3e5cf1bd94ae7d935c8323876a75fb6] DNS: couldn't resolve the address. {:field=>"[host]", :value=>"172.21.50.16"}
[2025-01-13T19:34:39,537][DEBUG][logstash.outputs.file ][vsi_file_esxi-syslog][c77248b99cc78717e6a43d6714da387d1f494b8ba3b0b763a6e70dce1978787e] File, writing event to file. {:filename=>"E:/logstash/vsi/vsi_file_esxi-syslog/172.21.50.16/2025-01-13-16.log"}\