Attempted to resurrect connection to dead ES instance. 401 Error

VeeT · July 5, 2019, 9:15pm

Hi,
I'm getting the following error in the logstash log file.

Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://000.00.00.02:9200/", :error_type=>LogStash::Outputs::Ela
sticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://000.00.00.02:9200/'"}

I've read in some discussions that this is is due to the logstash username and password. This is what I have in the syslog.conf:

input {
syslog {
port => 5044
id => "syslog_id"
}
}
output {
elasticsearch {
hosts => ["000.00.00.01:9200", "000.00.00.02:9200", "000.00.00.03:9200"]
sniffing => true
manage_template => false
index => "ss-logs-%{+YYYY.MM.dd}"
user => "{ES_USER}" password => "{ES_PWD}"
}
}

I'm not sure what else is misconfigured. We are using the logstash.keystore. Do I need to specify somewhere to point to the keystore?

We are using ELK 7.0.

Thanks!
Vee

VeeT · July 8, 2019, 8:49pm

Hi. Anyone has an idea on how to resolve this?

system · August 5, 2019, 8:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Attempted to resurrect connection to dead ES instance, but got an error Logstash	5	938	June 28, 2023
[Logstash 5.6.2] Attempted to resurrect connection to dead ES instance Logstash	2	7334	November 2, 2017
Error while connecting logstash to elasticsearch : Attempted to resurrect connection to dead ES instance, but got an error Logstash docker	9	286	February 27, 2023
Got response code '401' contacting Elasticsearch at URL Elasticsearch elastic-stack-security	6	16958	July 2, 2021
Attempted to resurrect connection to dead ES instance Logstash windows	2	22578	April 26, 2022

Attempted to resurrect connection to dead ES instance. 401 Error

Related topics