Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/", :error_type=>LogStash:error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/]

sahir · April 19, 2022, 7:24am

Hi Team, I tried to connect Elasticsearch from Logstash i'm facing this error. I deployed Elasticsearch using HTTPS and check without passing a certificate its shows an error Elastic hosts is unreachable and again ill tested with the Elasticsearch certficate passing through logsatsh config file like this

        hosts => ["https://xxxxxxx:9200"]
        user => 'xxxxx'
        password => 'xxxxxxxx'
        index => "logstash-beta-%{+YYYY.MM.dd}"
        ssl => true
        ssl_certificate_authorities => ["/etc/secret-volume/ca.crt"]
        ssl_certificate => "/etc/secret-volume/tls.crt"
        ssl_key => "/etc/secret-volume/tls.key"

I passed the cert file and path like this again im getting the error like

elastcisearch - unknown setting ssl_certificate_authority
elastcisearch - unknown setting ssl_certificate
elastcisearch - unknown setting ssl_key

Then i removed these three lines and checked again it shows an error like

Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}



How can i connect with Elasticsearch and can you please explain how to pass the cert and key through logstash config file.

ikakavas · April 20, 2022, 3:04am

You only need the CA certificate, and the name of the config is cacert, not ssl_certificate_authority , check Secure your connection to Elasticsearch | Logstash Reference [8.1] | Elastic

sahir · April 20, 2022, 11:32am

@ikakavas Thanks for your reply, I did the same you suggest to me instead of ssl_certificate_authority i used cacert but again i'm getting error like

[ERROR] 2022-04-20 10:33:04.543 [[main]-pipeline-manager] javapipeline - Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Manticore::UnknownException: Host name 'xxx.xxx.xx.xx' does not match the certificate subject provided by the peer (CN=elasticsearch-es-http.accuknox-dev-logging.es.local, OU=elasticsearch)>, :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in `block in initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:in `call'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:74:in `perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:332:in `perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:261:in `health_check_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:270:in `block in healthcheck!'", "org/jruby/RubyHash.java:1415:in `each'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:266:in `healthcheck!'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:382:in `update_urls'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:82:in `update_initial_urls'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:76:in `start'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client.rb:302:in `build_pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:in `initialize'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:103:in `create_http_client'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:99:in `build'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch.rb:266:in `build_client'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.4.2-java/lib/logstash/outputs/elasticsearch/common.rb:24:in `register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:126:in `register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:216:in `block in register_plugins'", "org/jruby/RubyArray.java:1809:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:215:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:520:in `maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:228:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:170:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:125:in `block in start'"], "pipeline.sources"=>["/usr/share/logstash/pipeline/logstash.conf"], :thread=>"#<Thread:0x179cb7c9@/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:121 run>"}
[ERROR] 2022-04-20 10:33:04.565 [Converge PipelineAction::Create<main>] agent - Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create<main>, action_result: false", :backtrace=>nil}
[INFO ] 2022-04-20 10:33:04.633 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2022-04-20 10:33:09.649 [LogStash::Runner] runner - Logstash shut down.

can you please help me to connect logstash and Elasticsearch
This is the configuration file currently im using now.

output {
      elasticsearch {
       hosts => ["https://<NodeIP>:9200"]
       ssl => true
       ssl_certificate_verification => true
       cacert => "<Path to: cluster-ca-certificate.pem>"
       user => "<LogstashUserName>"
       password => "<LogstashPassword>"
       index => "testdata"
       ilm_enabled => false
}
 stdout {}
}

system · May 18, 2022, 11:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash unable to connect to elasticsearch Logstash	1	312	October 5, 2021
Problem with Logstash SSL Logstash elastic-stack-security	19	8211	March 31, 2022
Attempted to resurrect connection to dead ES instance Logstash elastic-stack-security , docker	2	149	April 4, 2024
Logstash unable to connect to Elasticsearch over https Logstash	7	1783	January 17, 2022
Attempted to resurrect connection to dead ES instance Elasticsearch	1	436	February 19, 2021

Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/", :error_type=>LogStash:error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@xxx.xxx.xx.xx:9200/]

Related Topics