Configure Logstash to connect to Elasticsearch as output

I am running elasticsearch 8.4 and have configured logstash to index into elasticsearch. But I am getting the error:

][ERROR][logstash.javapipeline    ][main] Pipeline error {:pipeline_id=>"main", :exception=>#<Errno::EACCES: Permission denied - /etc/logstash/certs/http_ca.crt>, :backtrace=>["org/jruby/RubyIO.java:1227:in `sysopen'", "org/jruby/RubyFile.java:362:in `initialize'", "org/jruby/RubyClass.java:911:in `new'", "org/jruby/RubyIO.java:1146:in `open'", "org/jruby/RubyKernel.java:287:in `open'", "/usr/share/logstash/vendor/jruby/lib/ruby/stdlib/open-uri.rb:37:in `open'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/manticore-0.9.1-java/lib/manticore/client.rb:704:in `setup_trust_store'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/manticore-0.9.1-java/lib/manticore/client.rb:692:in `ssl_socket_factory_from_options'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/manticore-0.9.1-java/lib/manticore/client.rb:454:in `pool_builder'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/manticore-0.9.1-java/lib/manticore/client.rb:462:in `pool'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/manticore-0.9.1-java/lib/manticore/client.rb:227:in `initialize'", "org/jruby/RubyClass.java:911:in `new'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:26:in `initialize'", "org/jruby/RubyClass.java:911:in `new'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:325:in `build_adapter'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:341:in `build_pool'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:63:in `initialize'", "org/jruby/RubyClass.java:911:in `new'", 
"/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:106:in `create_http_client'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:102:in `build'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/plugin_mixins/elasticsearch/common.rb:39:in `build_client'", "/usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-elasticsearch-11.6.0-java/lib/logstash/outputs/elasticsearch.rb:279:in `register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:68:in `register'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:233:in `block in register_plugins'", "org/jruby/RubyArray.java:1865:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:232:in `register_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:598:in `maybe_setup_out_plugins'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:245:in `start_workers'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:190:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:142:in `block in start'"], "pipeline.sources"=>["/etc/logstash/conf.d/testlog.conf"], :thread=>"#<Thread:0x3278de7c run>"}

Here are the steps I followed:

  • I created an Elasticsearch user: elkDemo with the password elkDemo.

  • I installed Logstash.

  • Created a directory /etc/logstash/certs and copied http_ca.crt from /etc/elasticsearch/certs/http_ca.crt to /etc/logstash/certs.

  • Created my Logstash conf file elk-demo.conf.

Here's the configuration file:

input {
  beats {
    port => 5044
  }
}
output {
    elasticsearch {
      ssl => true
      ssl_certificate_verification => true
      cacert => '/etc/logstash/certs/http_ca.crt'
      user => testUser
      password => testUser
      hosts => ["https://10.0.8.19:9200"]
      index =>"demo-%{+YYYY.MM.dd}"
    }
}

Am I missing anything?

[ERROR][logstash.javapipeline ][main] Pipeline error {:pipeline_id=>"main", :exception=>#<Errno::EACCES: Permission denied - /etc/logstash/certs/http_ca.crt

Check the permission on http_ca.crt

Got it. Fixed it by running:

sudo chmod o+r /etc/logstash/certs/http_ca.crt

Do I need to include the user and password in the input and filter sections?

Nope
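An added example, not part of the thread: a Python check that lists every path component whose mode bits would give a service account `Errno::EACCES` on a file such as `/etc/logstash/certs/http_ca.crt`, covering both the directory search bit and the file read bit. The function names, the service uid and the temporary directory tree are hypothetical and constructed for the demo; ACLs and root's override are ignored.

```python
import os
import tempfile

def class_allows(st, uid, gids, bit):
    """POSIX mode-bit check: owner class, else group class, else other."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & bit)

def blockers(path, uid, gids):
    """Return (component, missing_bit) pairs that deny `uid` an open-for-read of path."""
    path = os.path.realpath(path)
    found, current = [], os.sep
    dirs = [os.sep]
    for part in path.split(os.sep)[1:-1]:
        current = os.path.join(current, part)
        dirs.append(current)
    for d in dirs:                      # every directory needs search (x)
        if not class_allows(os.stat(d), uid, gids, 0o1):
            found.append((d, "x"))
    if not class_allows(os.stat(path), uid, gids, 0o4):   # the file needs read (r)
        found.append((path, "r"))
    return found

def demo():
    """Constructed stand-in for the certs directory, built in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:   # created with mode 0700
        base = os.path.realpath(tmp)
        certs = os.path.join(base, "certs")
        os.mkdir(certs)
        os.chmod(certs, 0o755)
        ca = os.path.join(certs, "http_ca.crt")
        with open(ca, "w") as fh:
            fh.write("constructed placeholder, not a real certificate\n")
        os.chmod(ca, 0o600)
        svc_uid = os.stat(ca).st_uid + 1         # hypothetical service uid, not the owner
        out = {"base": base, "ca": ca}
        out["as_copied"] = blockers(ca, svc_uid, set())
        os.chmod(base, 0o755)
        os.chmod(ca, 0o604)                      # effect of chmod o+r on a 0600 file
        out["after_o_plus_r"] = blockers(ca, svc_uid, set())
        os.chmod(ca, 0o640)                      # alternative: read via a shared group
        out["group_read"] = blockers(ca, svc_uid, {os.stat(ca).st_gid})
        return out

if __name__ == "__main__":
    print(demo())
```

On a real host, call `blockers()` with the uid and group ids of the account the Logstash service runs as.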
