Connection Reset when settinng up Filebeat to Elastic Cloud

Hello, I have a deployment with an Elasticsearch cluster and I am trying to send some logs using Filebeat. I created a user and gave him the roles necessary. I use the user-password base authentication but when I try to connect I keep getting Exiting: couldn't connect to any of the configured Elasticsearch hosts.. wsarecv: An existing connection was forcibly closed by the remote host when I run filebeat setup -e. It seems there is a ssl handshake issue which I do not understand since I do not use certificates for authenticating.
I have no firewall issue, used Test-Connection to make sure.

Hi @danae-panagiot Welcome to the community...

You going to need to share your metricbeat.yml if you would like help.

What version are you on?

Did you follow the quick start guide?

Did you or someone can figure traffic filters on your elastic Cloud deployment?

Also run and share the results of

filebeat test output

Hello @stephenb thank you for your response:)
I am using filebeat.yml and here is the configuration

cloud.id: "<cloudid>" #here i have pasted the cloud id from the deployment 
cloud.auth: "${CLOUD_AUTH}" #name of user and password stored in keystore in the format user:password

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  timeout: 90s
  max_retries: 5

I do not have any other relevant in the configuration. I followed the start guide yes, I am in version 8.17.0.
This is what I get when running filebeat test output

I will check with the teams responsible for the cloud deployment thank you again for your help :slight_smile:

Here is what I suspect

Cloud is resolved to port 9243 not 443. I suspect there is a Firewall Also if this is an older deployment there is an option to update it to only use 443 that should be on the Elastic Cloud Console.

So go get the elasticsearch endpoint and and kibana endpoints set to 443 ..

Set those as the elasticsearch and Kibana endpoints in the filebeat.yml

Try again

example Elasticsearch

https://mydeployment.es.us-west1.gcp.cloud.es.io:443
https://mydeployment.kb.us-west1.gcp.cloud.es.io:443

thank you this solved the problem :slight_smile: I changed the use of cloud id + cloud auth to configuring the endpoints for elasticsearch + kibana output using port 443 instead of 9243.

again, thanks for your time :slight_smile:

1 Like