Change Elasticsearch password

juancamiloll · September 16, 2025, 1:40pm

Hi

Understanding that Logstash uses .conf files to authenticate against Elasticsearch, I am here today to ask for your help in changing the current password I have configured in the .conf files from Logstash.

elasticsearch {
  id => "My_font"
  hosts => ["https://192.168.1.1:9200","https://192.168.1.2:9200","https://192.168.1.3:9200"]
  data_stream => true
  data_stream_type => "logs"
  data_stream_dataset => "my_font"
  data_stream_namespace => "prd"
  user => "elastic"
  password => "cocacola"
  ssl_enabled  => true
  ssl_certificate_authorities => "/xxxxxxxxxxx/ca.crt"
}

If I want to set the new password as pepsi2025, how can I do this without affecting the ELK solution?

leandrojmp · September 16, 2025, 1:57pm

Not sure if I understood, the authentication is done on Elasticsearch side, if you want to change the password for the elastic user, you need to do that on Elasticsearch or using the Kibana UI.

It will affect everywhere this user is used.

juancamiloll · September 16, 2025, 2:00pm

The key I currently use is very old, and I need to assign a new one.

Do I need to log in directly to each of the servers in the Elasticsearch cluster to modify the .yml or something like that? Or is there another method? That is my question.

leandrojmp · September 16, 2025, 2:05pm

No, the password is set on the cluster, it exists in the security index, to change it you need to use the Change Password API or change it using the Kibana UI, in the User Management part.

After you change it will will also need to change any configuration that uses the old password, for example, if your in your kibana.yml you configures Kibana to use the elastic user and the old password, you will need to change it on the file and restart Kibana as well.

juancamiloll · September 16, 2025, 2:19pm

@leandrojmp

Thanks for your reply. To make sure I understand you correctly, I just need to log in from the Kibana graphical interface, then go to Dev Tools and run

POST /_security/user/elastic/_password
{
"password": “pepsi”
}

Then I log in to Logstash via SSH and modify each of the .conf files with the new password.

Is that all? Or do I need to do anything else?

Should I restart Logstash after the change?

leandrojmp · September 16, 2025, 2:30pm

Yes, you need to change it in every configuration file you have and restar the services.

Also, as mentioned, if Kibana is configured to use the elastic user you also need to change this in Kibana configuration and restart the service.

If this is a production environment I suggest that you do those actions on a maintenance windows as they can impact the availability of your cluster.

juancamiloll · September 16, 2025, 3:40pm

Thank you very much, as always, for your valuable help. I was able to make the change.

Topic		Replies	Views
Steps to change elastic password Elasticsearch	3	474	August 20, 2020
Password encryption in Logstash Logstash	2	417	January 29, 2018
Unable to change the elastic user password Kibana elastic-stack-security	3	598	May 6, 2021
I lost the password that has been changed Elasticsearch	2	66995	August 2, 2017
Unable to authenticate user [logstash_internal] for REST request [/bulk] Logstash elastic-stack-security	4	1229	May 4, 2023

Change Elasticsearch password

Related topics