Hello,
I am working on configuring security in ELK stack.
I am using a trial license of Logstash 7.1, Kibana 7.1 and Elasticsearch 7.1
As per the instructions on configuring security in ELK, I have configured security in elasticsearch and kibana successfully.
I am able to access both kibana and elasticsearch using "https://hostname:<port_no" in browser.
I have configured security in Logstash also by following the instructions given in the elasticsearch documentation.
When I run Logstash to insert sample json data in elasticsearch, I am getting error related to cacert path configured in Logstash.
Here is my Logstash config file:
input
{
elasticsearch
{
hosts => ["https://inpusclp06419:9200"]
index => "ticket-*"
user => logstash_internal
password => "XXXXXXXXX"
}
file
{
path => "D:/Automation-10-Jan-18/SmartInsight_Deployment_25_March_19/ticket_data/TicketData.json"
start_position => "beginning"
sincedb_path => "NUL"
codec => "json"
}
}
filter
{
elasticsearch
{
hosts => ["https://inpusclp06419:9200"]
index => "ticket-*"
user => logstash_internal
password => "XXXXXXXXX"
}
}
output
{
elasticsearch
{
hosts => ["https://inpusclp06419:9200"]
index => "ticket-*"
manage_template => false
user => logstash_internal
password => "XXXXXXXXX"
ssl => true
ssl_certificate_verification => true
cacert => "D:\elasticsearch-7.1.1_one\config\certs"
}
stdout
{
codec => rubydebug
}
}
Here are the logs from Logstash:
[2019-06-28T14:50:12,949][ERROR][logstash.javapipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Errno::EISDIR: Is a directory - D:\elasticsearch-7.1.1_one\config\certs>, :backtrace=>["org/jruby/RubyIO.java:1236:in sysopen'", "org/jruby/RubyFile.java:367:in
initialize'", "org/jruby/RubyIO.java:1155:in open'", "org/jruby/RubyKernel.java:320:in
open'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:633:in setup_trust_store'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:621:in
ssl_socket_factory_from_options'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:397:in pool_builder'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:405:in
pool'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/client.rb:209:in initialize'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:26:in
initialize'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:282:in build_adapter'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:286:in
build_pool'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:in initialize'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:103:in
create_http_client'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:99:in build'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch.rb:238:in
build_client'", "D:/logstash-7.1.1/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:25:in register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:106:in
register'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:48:in register'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:191:in
block in register_plugins'", "org/jruby/RubyArray.java:1792:in each'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:190:in
register_plugins'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:445:in maybe_setup_out_plugins'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:203:in
start_workers'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:145:in run'", "D:/logstash-7.1.1/logstash-core/lib/logstash/java_pipeline.rb:104:in
block in start'"], :thread=>"#<Thread:0x456fdafc run>"}
Blockquote
Why Logstash is throwing the exception:
"Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Errno::EISDIR: Is a directory - D:\elasticsearch-7.1.1_one\config\certs>"
Can you please check the logs and suggest if I am doing anything wrong here.
Regards
Yogesh Mishra