Hi,
We are trying to send our filebeat logs to an elasticsearch cluster but we get this error:
2020-12-16T15:32:37.816+0100 ERROR [esclientleg] eslegclient/connection.go:261 error connecting to Elasticsearch at https://somecluster.internal.some.domain:443/elk-netflow/elasticsearch/: 404 Not Found:
2020-12-16T15:32:37.816+0100 ERROR fileset/factory.go:134 Error loading pipeline: Error creating Elasticsearch client: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://somecluster.internal.some.domain:443/elk-netflow/elasticsearch/: 404 Not Found: ]
We can "curl" from the filebeat server to that URL and we do get the expected "you know, for search" response. Any idea what could be the problem?
filebeat.yml
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  hosts: ["https://somecluster.internal.some.domain:443"]
  protocol: "https"
  path: "/elk-netflow/elasticsearch/"
  username: "someuser"
  password: "somepassword"
  ssl.verification_mode: "none" # We tried with all the options here
  ssl.certificate_authorities: ["/etc/pki/root_der.pem", "/etc/pki/ssl_der.pem"]
The filebeat is executing in a virtual machine and is installed as a systemd service. On the other hand, our elasticsearch/kibana combo is a cluster that is deployed using the ECK operator. Hence the "path" in use is not the default one for Elasticsearch. Nonetheless, this works fine:
curl --cacert /etc/pki/root_der.pem -u someuser:somepassword https://somecluster.internal.some.domain:443/elk-netflow/elasticsearch/