Authentical failed while i did curl -XGET http://localhost:9200

I have newly setup the ELK stack on a single EC2 instance. I am getting the following error when i am doing a CURL to check the ES status. Although the output is pretty long. But this should give an idea on whats happening. In the elastic.yml file i have defined 0.0.0.0 for network.host. but still doesnt work. I have even tried localhost:9200 which also doesnt work.

Exception details: Your credentials could not be authenticated: "Credentials are missing.". You will not be permitted access until your credentials can be verified.

Did you install x-pack?

No I didnt , is it required to get rid of this problem.

No. So I don't understand where this message is coming from.

May be explain exactly your architecture, what you installed, how...

I killed that EC2 instance and spin up a new instance on which ELK stack is installed. But when i start the logstash instance i get this error:

[root@IP logstash]# systemctl status logstash -l
â logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2017-07-30 03:52:10 UTC; 2s ago
Main PID: 1246 (java)
CGroup: /system.slice/logstash.service
ââ1246 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+DisableExplicitGC -Djava.awt.headless=true -Dfile.encoding=UTF-8 -XX:+HeapDumpOnOutOfMemoryError -Xmx4g -Xms1g -Xss2048k -Djffi.boot.library.path=/usr/share/logstash/vendor/jruby/lib/jni -Xbootclasspath/a:/usr/share/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/usr/share/logstash/vendor/jruby -Djruby.lib=/usr/share/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main /usr/share/logstash/lib/bootstrap/environment.rb logstash/runner.rb --path.settings /etc/logstash

Jul 30 03:52:10 IP systemd[1]: Started logstash.
Jul 30 03:52:10 IP systemd[1]: Starting logstash...

I don't see an error.

May be move your question to #logstash room if it's not related to elasticsearch ?

Yes i was wrong this is not the error, but when i do curl -XGET http://localhost:9200 i get the below error

{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"missing authentication token for REST request [/]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}

FYI, i have installed XPACK.

Finally i was able to read your other posts for securing XPACK, and changing the password for default users. i will close this post. Thanks for your help :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.