401 Unauthorized

(James Tinkess) #1

I upgraded to 6.2 installed x-pack and i can't seem to find the cause.
I have installed ELK many times-- I must have missed a config parameter.
It is all running on the same machine.

logstash cant connect

:error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/

curl cant connect
I try and list the indices and i get
curl -XGET 'localhost:9200/_cat/indices?v&pretty'
"error" : {
"root_cause" : [
"type" : "security_exception",
"reason" : "missing authentication token for REST request [/_cat/indices?v&pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
"type" : "security_exception",
"reason" : "missing authentication token for REST request [/_cat/indices?v&pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
"status" : 401

(Tim Vernum) #2

X-Pack includes Security which is on by default (depending on your license type).

By default you get a 30 day trial license with all features enabled (including security), and so, by default your ES server is not accessible without a username + password.

Your options are:

  • Register for the Basic license at https://register.elastic.co/. That will give you a free license to a bunch of X-Pack features like Monitoring, APM, reporting, dev tools, and will automatically disable security. See https://www.elastic.co/subscriptions
  • Keep running with a trial license, but disable security by adding
    xpack.security.enabled: false 
    to your elasticsearch.yml configuration file.
  • Keep running with a trial license, and make use of security by providing a username and password for each request. This is a simple configuration in logstash, and requires some small setup on the ES side. See https://www.elastic.co/guide/en/x-pack/6.1/setting-up-authentication.html
  • Remove X-Pack (but I hope you don't do that, the free license includes a lot of useful features, even if you don't want security).

(James Tinkess) #3

Yes, i found an example.
I put user/passwd fields in my outputs

Works great.

(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.