Attempted to resurrect connection to dead ES instance. 401 Error

I'm getting the following error in the logstash log file.

Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"", :error_type=>LogStash::Outputs::Ela
sticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL ''"}

I've read in some discussions that this is is due to the logstash username and password. This is what I have in the syslog.conf:

input {
syslog {
port => 5044
id => "syslog_id"
output {
elasticsearch {
hosts => ["", "", ""]
sniffing => true
manage_template => false
index => "ss-logs-%{+YYYY.MM.dd}"
user => "{ES_USER}" password => "{ES_PWD}"

I'm not sure what else is misconfigured. We are using the logstash.keystore. Do I need to specify somewhere to point to the keystore?

We are using ELK 7.0.


Hi. Anyone has an idea on how to resolve this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.