Hello, I have a deployment with an Elasticsearch cluster and I am trying to send some logs using Filebeat. I created a user and gave him the necessary roles. I use user-password based authentication, but when I try to connect I keep getting
Exiting: couldn't connect to any of the configured Elasticsearch hosts.. wsarecv: An existing connection was forcibly closed by the remote host
when I run filebeat setup -e. It seems there is an SSL handshake issue, which I do not understand since I do not use certificates for authenticating.
I have no firewall issue; I used Test-Connection to make sure.
Hi @danae-panagiot Welcome to the community...
You are going to need to share your metricbeat.yml if you would like help.
What version are you on?
Did you follow the quick start guide?
Did you or someone configure traffic filters on your Elastic Cloud deployment?
Also run and share the results of
filebeat test output
Hello @stephenb thank you for your response:)
I am using filebeat.yml and here is the configuration
cloud.id: "<cloudid>" # here I have pasted the cloud id from the deployment
cloud.auth: "${CLOUD_AUTH}" # name of user and password stored in keystore in the format user:password
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  timeout: 90s
  max_retries: 5
I do not have anything else relevant in the configuration. I followed the start guide, yes. I am on version 8.17.0.
This is what I get when running filebeat test output
I will check with the teams responsible for the cloud deployment. Thank you again for your help.
Here is what I suspect:
Cloud is resolved to port 9243, not 443. I suspect there is a firewall. Also, if this is an older deployment, there is an option to update it to only use 443; that should be on the Elastic Cloud Console.
So go get the Elasticsearch endpoint and Kibana endpoints set to 443.
Set those as the Elasticsearch and Kibana endpoints in the filebeat.yml.
Try again.
example Elasticsearch
https://mydeployment.es.us-west1.gcp.cloud.es.io:443
https://mydeployment.kb.us-west1.gcp.cloud.es.io:443
Thank you, this solved the problem. I changed the use of cloud id + cloud auth to configuring the endpoints for Elasticsearch + Kibana output using port 443 instead of 9243.
Again, thanks for your time.
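
Added example, not part of the thread and not Beats code: a Python sketch that decodes a cloud.id to show which host and port Filebeat will dial, which is how a port such as 9243 can end up in use without appearing in filebeat.yml. It assumes the cloud.id layout label:base64(host$es_id$kibana_id) with an optional :port on each part and 443 as the default; the IDs esid/kbid, the helper names and both sample cloud.ids are constructed.

```python
import base64
import socket
import sys

DEFAULT_PORT = "443"  # assumption: port used when the cloud.id carries none

def _split_port(name, default):
    """Split 'name:port' into (name, port); fall back to default."""
    head, sep, tail = name.rpartition(":")
    return (head, tail) if sep else (name, default)

def decode_cloud_id(cloud_id):
    """Return (elasticsearch_url, kibana_url) encoded in a cloud.id."""
    encoded = cloud_id.rpartition(":")[2]  # drop the "label:" prefix
    parts = base64.b64decode(encoded).decode("utf-8").split("$")
    if len(parts) < 3:
        raise ValueError("expected host$es_id$kibana_id after base64 decoding")
    host, port = _split_port(parts[0], DEFAULT_PORT)
    es_id, es_port = _split_port(parts[1], port)
    kb_id, kb_port = _split_port(parts[2], port)
    return (f"https://{es_id}.{host}:{es_port}",
            f"https://{kb_id}.{host}:{kb_port}")

def tcp_reachable(url, timeout=5.0):
    """True if a TCP connect to the URL's host:port succeeds (an ICMP ping does not exercise this)."""
    host, port = url[len("https://"):].rsplit(":", 1)
    try:
        with socket.create_connection((host, int(port)), timeout=timeout):
            return True
    except OSError:
        return False

def make_cloud_id(label, host, es_id, kb_id):
    """Build a constructed cloud.id for the demo (not a real deployment)."""
    raw = f"{host}${es_id}${kb_id}".encode("utf-8")
    return f"{label}:{base64.b64encode(raw).decode('ascii')}"

# Constructed samples: one cloud.id carrying :9243 and one with no port at all.
WITH_9243 = make_cloud_id("mydeployment", "us-west1.gcp.cloud.es.io:9243", "esid", "kbid")
NO_PORT = make_cloud_id("mydeployment", "us-west1.gcp.cloud.es.io", "esid", "kbid")

if __name__ == "__main__":
    # Pass a real cloud.id as argv[1] to also probe the TCP port it resolves to.
    cid = sys.argv[1] if len(sys.argv) > 1 else WITH_9243
    for url in decode_cloud_id(cid):
        status = tcp_reachable(url) if len(sys.argv) > 1 else "not probed"
        print(url, "reachable:", status)
```

Run with a deployment's own cloud.id as the argument from the Filebeat host: if the decoded port is not allowed outbound, the TCP probe fails even though a ping succeeds.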