
Untitled

a guest
May 15th, 2018
  1. 2018/05/11 23:08:28 [error] 53734#53734: *621532077 upstream prematurely closed connection while reading response header from upstream, client: 192.168.22.10, server: www.testserver.pt, request: "GET /methods/userinfo.ashx/getUserOpenBetsData? HTTP/2.0", upstream: "https://188.11.2.3:443/methods/userinfo.ashx/getUserOpenBetsData?", host: "www.testserver.pt", referrer: "https://www.testserver.pt/"
  2.  
  # Receive events shipped by Beats agents (e.g. Filebeat tailing the nginx error log).
  input {
    beats {
      # No ssl options are set in this block, so the listener takes plaintext,
      # unauthenticated connections from any host that can reach the port.
      # NOTE(review): confirm the port is only reachable from the intended shippers.
      port => "5044"
    }
  }
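  # Parse one nginx error-log line into fields and use its own timestamp as the event time.
  filter {
    grok {
      # F_TIMESTAMP is not a stock grok pattern and no patterns_dir is configured in
      # this block, so it is defined inline to keep the filter self-contained.
      pattern_definitions => {
        "F_TIMESTAMP" => "%{YEAR}/%{MONTHNUM}/%{MONTHDAY} %{TIME}"
      }
      # Changes against the pasted pattern:
      #  - "[", "]" and "*" are regex metacharacters; they are escaped so they match the
      #    literal "[error]" and "*621532077" in the log line.
      #  - the stray space in "%{F_TIMESTAMP: timestamp}" is removed (grok field names
      #    cannot contain a space).
      #  - ", referrer: ..." is optional, because nginx only appends it when the request
      #    carried a Referer header.
      # Events that still fail to match are tagged _grokparsefailure (grok's default),
      # which is worth monitoring so unparsed lines are noticed rather than silently kept.
      #
      # request, host and referrer are taken from the client's request and are therefore
      # attacker-influenced text; treat them as untrusted in dashboards and alert rules.
      # NOTE(review): Beats events usually already carry a "host" field; capturing into
      # "host" here may collide with it - confirm, or capture into a different field.
      match => {
        "message" => '%{F_TIMESTAMP:timestamp} \[%{DATA:Message_type}\] %{DATA:EventId}: \*%{NUMBER:Secondaryid} %{GREEDYDATA:Message}, client: %{IP:origin}, server: %{URIHOST:domain}, request: "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:httpversion}", upstream: %{QS:userRequest}, host: "%{URIHOST:host}"(?:, referrer: %{QS:referrer})?'
      }
    }
    date {
      # The nginx timestamp carries no zone and no timezone option is set here, so it is
      # interpreted in the Logstash host's default zone.
      # NOTE(review): set timezone explicitly if the web server and Logstash differ;
      # skewed event times make cross-source correlation unreliable.
      locale => "en"
      match => ["timestamp", "YYYY/MM/dd HH:mm:ss"]
      target => "@timestamp"
    }
  }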
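  # Ship parsed events to the local Elasticsearch node, one index per hour.
  output {
    elasticsearch {
      hosts => [ "localhost:9200" ]
      index => "logstash-%{+YYYY.MM.dd.HH}"
      # "elastic" is the built-in superuser; a pipeline only needs to create and write
      # its own indices.
      # NOTE(review): prefer a dedicated account whose role is limited to logstash-*.
      user => "elastic"
      # The paste hard-coded the stock default password "changeme" here. The secret is
      # now resolved at startup from the Logstash keystore or the environment;
      # ES_PASSWORD is a placeholder name - use whatever key the deployment defines,
      # and rotate the password if the default was ever live.
      password => "${ES_PASSWORD}"
    }
  }
  # The pasted config stopped after the password line; the two closing braces above
  # were added so the output section parses.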
  24.  
  25. (?<timestamp>%{YEAR}[./]%{MONTHNUM}[./]%{MONTHDAY} %{TIME}) [%{LOGLEVEL:severity}] %{POSINT:pid}#%{NUMBER:threadid}: *%{NUMBER:connectionid} %{GREEDYDATA:errormessage}, client: %{IP:client}, server: %{GREEDYDATA:server}, request: %{GREEDYDATA:request}
  26.  
  27. {
  28. "timestamp": [
  29. [
  30. "2018/05/11 23:08:28"
  31. ]
  32. ],
  33. "YEAR": [
  34. [
  35. "2018"
  36. ]
  37. ],
  38. "MONTHNUM": [
  39. [
  40. "05"
  41. ]
  42. ],
  43. "MONTHDAY": [
  44. [
  45. "11"
  46. ]
  47. ],
  48. "TIME": [
  49. [
  50. "23:08:28"
  51. ]
  52. ],
  53. "HOUR": [
  54. [
  55. "23"
  56. ]
  57. ],
  58. "MINUTE": [
  59. [
  60. "08"
  61. ]
  62. ],
  63. "SECOND": [
  64. [
  65. "28"
  66. ]
  67. ],
  68. "severity": [
  69. [
  70. "error"
  71. ]
  72. ],
  73. "pid": [
  74. [
  75. "53734"
  76. ]
  77. ],
  78. "threadid": [
  79. [
  80. "53734"
  81. ]
  82. ],
  83. "BASE10NUM": [
  84. [
  85. "53734",
  86. "621532077"
  87. ]
  88. ],
  89. "connectionid": [
  90. [
  91. "621532077"
  92. ]
  93. ],
  94. "errormessage": [
  95. [
  96. "upstream prematurely closed connection while reading response header from upstream"
  97. ]
  98. ],
  99. "client": [
  100. [
  101. "192.168.22.10"
  102. ]
  103. ],
  104. "IPV6": [
  105. [
  106. null
  107. ]
  108. ],
  109. "IPV4": [
  110. [
  111. "192.168.22.10"
  112. ]
  113. ],
  114. "server": [
  115. [
  116. "www.testserver.pt"
  117. ]
  118. ],
  119. "request": [
  120. [
  121. ""GET /methods/userinfo.ashx/getUserOpenBetsData? HTTP/2.0", upstream: "https://188.11.2.3:443/methods/userinfo.ashx/getUserOpenBetsData?", host: "www.testserver.pt", referrer: "https://www.testserver.pt/""
  122. ]
  123. ]
  124. }