Error Logs in Logstash
Aug 20 14:28:50 elastic.sys logstash[5101]: [2021-08-20T14:28:50,172][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://logstash_writer:xxxxxx@elastic.sys:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://elastic.sys:9200/'"}
Logstash config file
input {
  # Plain UDP listener for syslog-formatted lines. UDP carries no sender
  # authentication, so everything received here is untrusted input to the
  # filter stage. No `host` is set, so the plugin's default bind address
  # (0.0.0.0, all interfaces) applies; restrict senders at the firewall.
  udp {
    type => "syslog"   # tag checked by the conditional in the filter section
    port => 5044
  }
}
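filter {
  if [type] == "syslog" {
    # Split the raw line into timestamp, host, program and free-text payload.
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{USERNAME:hostname}%{DATA:syslog_program}:%{GREEDYDATA:syslog_message}" }
    }
    # Parse the field grok actually produces (syslog_timestamp). The previous
    # source field, "timestamp", is never created in this pipeline, so the
    # date filter had nothing to parse and @timestamp stayed at receive time,
    # which skews any timeline built from these events.
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
    # Promote key=value tokens from the payload to event fields.
    ruby {
      code => "
        payload = event.get('syslog_message')
        # grok may not have matched, in which case syslog_message is absent;
        # calling split on nil would raise inside the filter.
        if payload.is_a?(String)
          payload.split(' ').each do |token|
            parts = token.split('=')
            name  = parts[0]
            value = parts[1]
            # Skip tokens that are not key=value (no name or no value) instead
            # of calling event.set with nil.
            next if name.nil? || name.empty? || value.nil?

            # NOTE(review): name comes straight from the UDP payload, so a
            # sender chooses which event field is written, including fields
            # this pipeline already set (type, message, hostname, ...).
            # Consider writing under a dedicated parent field or checking
            # name against an allow-list before event.set.

            # Integer conversion only for values that contain a digit, are not
            # dotted-quad shaped, and contain no character in the A-z range.
            # NOTE(review): A-z also covers the six ASCII punctuation
            # characters between Z and a, and values such as 1.5 or 12:30
            # reach to_i and are truncated; kept as-is to preserve the
            # existing field types in the index.
            as_integer = value =~ /[0-9]/ &&
                         value !~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/ &&
                         value !~ /[A-z]/
            event.set(name, as_integer ? value.to_i : value)
          end
        end
      "
    }
  }
}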
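output {
  elasticsearch {
    hosts       => ['https://elastic.sys:9200']
    # CA used to verify the Elasticsearch server certificate.
    cacert      => '/etc/logstash/certs/ca.crt'
    user        => 'logstash_writer'
    # The password is resolved at startup from the Logstash keystore (or an
    # environment variable of the same name) rather than stored in this file.
    # LOGSTASH_WRITER_PWD is a placeholder key name; create the entry with
    # `bin/logstash-keystore add LOGSTASH_WRITER_PWD`. The value must match
    # the password set for logstash_writer in Elasticsearch, otherwise the
    # output keeps receiving 401 responses. A literal password that was
    # previously kept in this file and shared along with it should be rotated.
    password    => "${LOGSTASH_WRITER_PWD}"
    index       => "syslog"
    ilm_enabled => false
  }
  # Debug aid: prints every event in full to Logstash's stdout. Remove once
  # the pipeline works, since parsed log content ends up in the service log.
  stdout { codec => rubydebug }
}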
elasticsearch log
[root@elastic elasticsearch]# tail elasticsearch.log
[2021-08-20T14:42:28,785][WARN ][o.e.x.s.a.AuthenticationService] [elastic] Authentication to realm default_native failed - Password authentication failed for logstash_writer
I have tried many approaches but can't resolve this error. Please help me.