Config Logstash with https to Elasticsearch cluster

Error Logs in Logstash

Aug 20 14:28:50 elastic.sys logstash[5101]: [2021-08-20T14:28:50,172][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://logstash_writer:xxxxxx@elastic.sys:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://elastic.sys:9200/'"}

Logstash config file

# Syslog listener. UDP carries no sender authentication and the source
# address can be spoofed, so every datagram received here is untrusted input;
# limit which hosts can reach this port with host or network firewall rules.
input {
  udp {
    type => "syslog"   # tag tested by the filter conditional
    port => 5044
  }
}
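# Parse syslog lines from the UDP input and promote key=value tokens found in
# the message body to top-level event fields.
filter {
  if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{USERNAME:hostname}%{DATA:syslog_program}:%{GREEDYDATA:syslog_message}" }
    }

    # grok stores the timestamp in syslog_timestamp. Matching on a field named
    # timestamp, which nothing sets before this point, never fired and left
    # @timestamp at the time the event was received.
    date {
      match => [ "syslog_timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }

    # Key=value extraction. The message body comes from an unauthenticated UDP
    # sender, so the keys are attacker-influenced field names:
    #   - an existing field (type, message, hostname, @timestamp, ...) is never
    #     overwritten, so a crafted message cannot rewrite the event's metadata;
    #   - tokens without a key or without a value are skipped instead of
    #     creating nil-valued fields;
    #   - the token is split on the first '=' only, so values that contain '='
    #     are kept whole;
    #   - only values that are entirely an optionally signed integer become
    #     numbers. The earlier test (contains a digit, contains no letter) ran
    #     to_i on values such as 1.5 or 12:30:00 and truncated them, and its
    #     [A-z] range also matched the punctuation between Z and a.
    # A missing syslog_message (grok did not match) is ignored rather than
    # raising and tagging the event with _rubyexception.
    # NOTE(review): the stock kv filter plugin covers this kind of parsing;
    # consider it if the integer coercion is not required.
    ruby {
      code => "
        body = event.get('syslog_message')
        unless body.nil?
          body.to_s.split(' ').each do |token|
            name, value = token.split('=', 2)
            next if name.nil? || name.empty?
            next if value.nil? || value.empty?
            next if event.include?(name)
            if value =~ /\A-?\d+\z/
              event.set(name, value.to_i)
            else
              event.set(name, value)
            end
          end
        end
      "
    }
  }
}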
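# Ship parsed events to Elasticsearch over HTTPS and echo them to stdout.
output {
  elasticsearch {
    hosts       => ['https://elastic.sys:9200']
    # CA used to verify the server certificate presented by elastic.sys.
    cacert      => '/etc/logstash/certs/ca.crt'
    user        => 'logstash_writer'
    # Resolved at startup from the Logstash keystore (or the environment);
    # LOGSTASH_WRITER_PASSWORD is a placeholder key name. A literal password in
    # this file is exposed to anyone who can read the config or a paste of it,
    # and a password that has been published should be rotated.
    # A 401 from Elasticsearch together with "Password authentication failed"
    # in its log means the TLS connection worked and the credentials were
    # rejected: check that the user exists in the native realm and that this
    # value matches its current password.
    password    => "${LOGSTASH_WRITER_PASSWORD}"
    index       => "syslog"
    ilm_enabled => false
  }
  # Debugging aid: prints every event in full to Logstash's stdout.
  stdout { codec => rubydebug }
}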

elasticsearch log

[root@elastic elasticsearch]# tail elasticsearch.log
[2021-08-20T14:42:28,785][WARN ][o.e.x.s.a.AuthenticationService] [elastic] Authentication to realm default_native failed - Password authentication failed for logstash_writer

I have tried many approaches but cannot resolve this error. Please help.
