Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/", :error_type=>LogStash:error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/]

Hi Team, I tried to connect Elasticsearch from Logstash i'm facing this error. I deployed Elasticsearch using HTTPS and check without passing a certificate its shows an error Elastic hosts is unreachable and again ill tested with the Elasticsearch certficate passing through logsatsh config file like this

        hosts => ["https://xxxxxxx:9200"]
        user => 'xxxxx'
        password => 'xxxxxxxx'
        index => "logstash-beta-%{+YYYY.MM.dd}"
        ssl => true
        ssl_certificate_authorities => ["/etc/secret-volume/ca.crt"]
        ssl_certificate => "/etc/secret-volume/tls.crt"
        ssl_key => "/etc/secret-volume/tls.key"

I passed the cert file and path like this again im getting the error like 

elastcisearch - unknown setting ssl_certificate_authority
elastcisearch - unknown setting ssl_certificate
elastcisearch - unknown setting ssl_key

Then i removed these three lines and checked again it shows an error like

Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

How can i connect with Elasticsearch and can you please explain how to pass the cert and key through logstash config file.

You only need the CA certificate, and the name of the config is cacert, not ssl_certificate_authority , check Secure your connection to Elasticsearch | Logstash Reference [8.1] | Elastic

@ikakavas Thanks for your reply, I did the same you suggest to me instead of ssl_certificate_authority i used cacert but again i'm getting error like

[ERROR] 2022-04-20 10:33:04.543 [[main]-pipeline-manager] javapipeline - Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Manticore::UnknownException: Host name 'xxx.xxx.xx.xx' does not match the certificate subject provided by the peer (CN=elasticsearch-es-http.accuknox-dev-logging.es.local, OU=elasticsearch)>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in `block in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:in `call'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:74:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:332:in `perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:261:in `health_check_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:270:in `block in healthcheck!'", "org/jruby/RubyHash.java:1415:in `each'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:266:in `healthcheck!'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:382:in `update_urls'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:82:in `update_initial_urls'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:76:in `start'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client.rb:302:in `build_pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:103:in `create_http_client'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:99:in `build'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch.rb:266:in `build_client'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/common.rb:24:in `register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:126:in `register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:216:in `block in register_plugins'", "org/jruby/RubyArray.java:1809:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:215:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:520:in `maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:228:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:170:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:125:in `block in start'"], "pipeline.sources"=>["/usr/share/logstash/pipeline/logstash.conf"], :thread=>"#<Thread:0x179cb7c9@/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:121 run>"}
[ERROR] 2022-04-20 10:33:04.565 [Converge PipelineAction::Create<main>] agent - Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[INFO ] 2022-04-20 10:33:04.633 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2022-04-20 10:33:09.649 [LogStash::Runner] runner - Logstash shut down.

can you please help me to connect logstash and Elasticsearch
This is the configuration file currently im using now.

output {
      elasticsearch {
       hosts => ["https://<NodeIP>:9200"]
       ssl => true
       ssl_certificate_verification => true
       cacert => "<Path to: cluster-ca-certificate.pem>"
       user => "<LogstashUserName>"
       password => "<LogstashPassword>"
       index => "testdata"
       ilm_enabled => false
}
 stdout {}
}

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.