Beats input: SSL Certificate will not be used and deprecated config setting "document_type"


(Ralf Rottmann) #1

Hi Everyone,

I'm pretty new to the ELK stack and love it so far. However, I'm running into some subtle issues and hope you guys can help.

I'm on Elasticsearch Version 6.2.1 with the latest Kibana, Logstash and Filebeat versions and X-Pack successfully installed.

1.) When starting Logstash, I do see the following in the logs:

You are using a deprecated config setting "document_type" set in elasticsearch.

I don't know where I am supposed to have document_type configured.

/etc/logstash/conf.d/logstash.conf:

input {
  beats {
    port => 5044
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/certs/logstash-forwarder.key"
  }
}

filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    user => filebeat_internal
    password => ***
  }
}

So there is no document_type in the configuration.

2.) When starting Logstash, I see

[2018-02-18T23:03:28,980][WARN ][logstash.inputs.beats    ] Beats input: SSL Certificate will not be used
[2018-02-18T23:03:28,980][WARN ][logstash.inputs.beats    ] Beats input: SSL Key will not be used

Why is that? I have configured cert and key for the input and made sure the files are available.

Any help is greatly appreciated!


(Pier-Hugues Pellerin) #2

You need to set “ssl=> true” in the beats input configuration.


(system) #3

This topic was automatically closed after 21 days. New replies are no longer allowed.