Docker ELK stack not moving after licence validation and fails to authenticate with the the .env password

Hi Team,

I trying to setup ELK stack in local using docker. I'm having some hard time in bringing Elasticsearch up.
Actually elasticsearch starts up but as per logs it didn't move after licence validation and stuck in there. 'elastic' super user password password as part docker compose is not taking effect. When curl I'm getting an error as unable to authenticate user.
I'm using Windows 11 with docker desktop. Using the same configuration as of Getting started with the Elastic Stack and Docker-Compose | Elastic Blog

Looking for suggestions on how to fix and make the stack up and running in local container.

Thanks,
J Abraham

Docker-compose.yml

version: "1.0"

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  kibanadata:
    driver: local
  metricbeatdata01:
    driver: local
  filebeatdata01:
    driver: local
  logstashdata01:
    driver: local

networks:
  default:
    name: elastic
    external: false

services:
  setup:
    image: elasticsearch:${ES_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f /usr/share/elasticsearch/config/certs/ca.zip ]; then
          echo "Creating CA";
          /opt/elasticsearch/bin/elasticsearch-certutil ca --silent --pem -out /usr/share/elasticsearch/config/certs/ca.zip;
          unzip /usr/share/elasticsearch/config/certs/ca.zip -d /usr/share/elasticsearch/config/certs;
        fi;
        if [ ! -f /usr/share/elasticsearch/config/certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          "  - name: kibana\n"\
          "    dns:\n"\
          "      - kibana\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > /usr/share/elasticsearch/config/certs/instances.yml;
          /opt/elasticsearch/bin/elasticsearch-certutil cert --silent --pem -out /usr/share/elasticsearch/config/certs/certs.zip --in /usr/share/elasticsearch/config/certs/instances.yml --ca-cert /usr/share/elasticsearch/config/certs/ca/ca.crt --ca-key /usr/share/elasticsearch/config/certs/ca/ca.key;
          unzip /usr/share/elasticsearch/config/certs/certs.zip -d /usr/share/elasticsearch/config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root /usr/share/elasticsearch/config/certs;
        cd /usr/share/elasticsearch/
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert /usr/share/elasticsearch/config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert /usr/share/elasticsearch/config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f /usr/share/elasticsearch/config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: elasticsearch:${ES_VERSION}
    labels:
      co.elastic.logs/module: elasticsearch
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - cluster.initial_master_nodes=es01
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
      - ES_PATH_CONF=/opt/elasticsearch/config
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
    image: kibana:${KB_VERSION}
    labels:
      co.elastic.logs/module: kibana
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - XPACK_SECURITY_ENCRYPTIONKEY=${ENCRYPTION_KEY}
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY=${ENCRYPTION_KEY}
      - XPACK_REPORTING_ENCRYPTIONKEY=${ENCRYPTION_KEY}
      - KBN_PATH_CONF=/opt/kibana
    mem_limit: ${KB_MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  metricbeat01:
    depends_on:
      es01:
        condition: service_healthy
      kibana:
        condition: service_healthy
    image: metricbeat:${MB_VERSION}
    user: root
    volumes:
      - certs:/usr/share/metricbeat/certs
      - metricbeatdata01:/usr/share/metricbeat/data
      - "./metricbeat.yml:/usr/share/metricbeat/metricbeat.yml:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/sys/fs/cgroup:/hostfs/sys/fs/cgroup:ro"
      - "/proc:/hostfs/proc:ro"
      - "/:/hostfs:ro"
    environment:
      - ELASTIC_USER=elastic
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - ELASTIC_HOSTS=https://es01:9200
      - KIBANA_HOSTS=http://kibana:5601
      - LOGSTASH_HOSTS=http://logstash01:9600
    command:
      - --strict.perms=false

  filebeat01:
    depends_on:
      es01:
        condition: service_healthy
    image: /pld-filebeat:${FB_VERSION}
    user: root
    volumes:
      - certs:/usr/share/filebeat/certs
      - filebeatdata01:/usr/share/filebeat/data
      - "./filebeat_ingest_data/:/usr/share/filebeat/ingest_data/"
      - "./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro"
      - "/var/lib/docker/containers:/var/lib/docker/containers:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      - ELASTIC_USER=elastic
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - ELASTIC_HOSTS=https://es01:9200
      - KIBANA_HOSTS=http://kibana:5601
      - LOGSTASH_HOSTS=http://logstash01:9600
    command:
      - --strict.perms=false

  logstash01:
    depends_on:
      es01:
        condition: service_healthy
      kibana:
        condition: service_healthy
    image: logstash:${LS_VERSION}
    labels:
      co.elastic.logs/module: logstash
    user: root
    volumes:
      - certs:/usr/share/logstash/certs
      - logstashdata01:/usr/share/logstash/data
      - "./logstash_ingest_data/:/usr/share/logstash/ingest_data/"
      - "./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro"
    environment:
      - xpack.monitoring.enabled=false
      - ELASTIC_USER=elastic
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - ELASTIC_HOSTS=https://es01:9200

.env

# Version of Elastic products
ES_VERSION=8.13.2-1
KB_VERSION=8.13.2-1
LS_VERSION=8.12.1-1
FB_VERSION=8.10.4-1
MB_VERSION=8.6.2

# Set the cluster name
CLUSTER_NAME=docker-cluster


# Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
#LICENSE=trial


# Port to expose Elasticsearch HTTP API to the host
ES_PORT=9200


# Port to expose Kibana to the host
KIBANA_PORT=5601


# Increase or decrease based on the available host memory (in bytes)
ES_MEM_LIMIT=1073741824 
KB_MEM_LIMIT=1073741824
LS_MEM_LIMIT=1073741824


# SAMPLE Predefined Key only to be used in POC environments
ENCRYPTION_KEY=c34d38b3a14956121ff2170e5030b471551370178f43e5626eec58b04a30fae2

ES Startup logs and Exception when curl it


PS C:\DockerELK\ELK> docker compose up
[+] Running 7/7
 ✔ Network elastic               Created                                                                           0.1s
 ✔ Container elk-setup-1         Created                                                                           0.1s
 ✔ Container elk-es01-1          Created                                                                           0.1s
 ✔ Container elk-filebeat01-1    Created                                                                           0.2s
 ✔ Container elk-kibana-1        Created                                                                           0.1s
 ✔ Container elk-metricbeat01-1  Created                                                                           0.2s
 ✔ Container elk-logstash01-1    Created                                                                           0.1s
Attaching to elk-es01-1, elk-filebeat01-1, elk-kibana-1, elk-logstash01-1, elk-metricbeat01-1, elk-setup-1
elk-setup-1         | Setting file permissions
elk-setup-1         | Waiting for Elasticsearch availability
elk-es01-1          | Jan 10, 2025 8:53:55 AM sun.util.locale.provider.LocaleProviderAdapter <clinit>
elk-es01-1          | WARNING: COMPAT locale provider will be removed in a future release
elk-es01-1          | [2025-01-10T08:53:57,359][INFO ][o.e.n.NativeAccess       ] [9b05347c53bc] Using [jdk] native provider and native methods for [Linux]
elk-es01-1          | [2025-01-10T08:53:58,544][INFO ][o.a.l.i.v.PanamaVectorizationProvider] [9b05347c53bc] Java vector incubator API enabled; uses preferredBitSize=256; FMA enabled
elk-es01-1          | [2025-01-10T08:53:59,962][INFO ][o.e.n.Node               ] [9b05347c53bc] version[8.13.2], pid[188], build[tar/16cc90cd2d08a3147ce02b07e50894bc060a4cbf/2024-04-05T14:45:26.420424304Z], OS[Linux/5.15.90.1-microsoft-standard-WSL2/amd64], JVM[Oracle Corporation/OpenJDK 64-Bit Server VM/21.0.2/21.0.2+13-58]
elk-es01-1          | [2025-01-10T08:53:59,969][INFO ][o.e.n.Node               ] [9b05347c53bc] JVM home [/opt/elasticsearch-8.13.2/jdk], using bundled JDK [true]
elk-es01-1          | [2025-01-10T08:53:59,972][INFO ][o.e.n.Node               ] [9b05347c53bc] JVM arguments [-Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -Djava.security.manager=allow, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j2.formatMsgNoLookups=true, -Djava.locale.providers=SPI,COMPAT, --add-opens=java.base/java.io=org.elasticsearch.preallocate, --enable-native-access=org.elasticsearch.nativeaccess, -XX:ReplayDataFile=logs/replay_pid%p.log, -Des.distribution.type=tar, -XX:+UseG1GC, -Djava.io.tmpdir=/tmp/elasticsearch-17937418059855040726, --add-modules=jdk.incubator.vector, -XX:+HeapDumpOnOutOfMemoryError, -XX:+ExitOnOutOfMemoryError, -XX:HeapDumpPath=data, -XX:ErrorFile=logs/hs_err_pid%p.log, -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,level,pid,tags:filecount=32,filesize=64m, -Xms512m, -Xmx512m, -XX:MaxDirectMemorySize=268435456, -XX:G1HeapRegionSize=4m, -XX:InitiatingHeapOccupancyPercent=30, -XX:G1ReservePercent=15, --module-path=/opt/elasticsearch-8.13.2/lib, --add-modules=jdk.net, --add-modules=ALL-MODULE-PATH, -Djdk.module.main=org.elasticsearch.server]
elk-es01-1          | [2025-01-10T08:53:59,975][INFO ][o.e.n.Node               ] [9b05347c53bc] Default Locale [en_US]
elk-es01-1          | [2025-01-10T08:54:11,111][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [repository-url]
elk-es01-1          | [2025-01-10T08:54:11,112][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [rest-root]
elk-es01-1          | [2025-01-10T08:54:11,113][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-core]
elk-es01-1          | [2025-01-10T08:54:11,114][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-redact]
elk-es01-1          | [2025-01-10T08:54:11,115][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [ingest-user-agent]
elk-es01-1          | [2025-01-10T08:54:11,116][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-async-search]
elk-es01-1          | [2025-01-10T08:54:11,116][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-monitoring]
elk-es01-1          | [2025-01-10T08:54:11,120][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [repository-s3]
elk-es01-1          | [2025-01-10T08:54:11,122][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-analytics]
elk-es01-1          | [2025-01-10T08:54:11,123][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-ent-search]
elk-es01-1          | [2025-01-10T08:54:11,124][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-autoscaling]
elk-es01-1          | [2025-01-10T08:54:11,126][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [lang-painless]
elk-es01-1          | [2025-01-10T08:54:11,126][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-ml]
elk-es01-1          | [2025-01-10T08:54:11,127][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [legacy-geo]
elk-es01-1          | [2025-01-10T08:54:11,128][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [lang-mustache]
elk-es01-1          | [2025-01-10T08:54:11,129][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-ql]
elk-es01-1          | [2025-01-10T08:54:11,130][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [rank-rrf]
elk-es01-1          | [2025-01-10T08:54:11,130][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [analysis-common]
elk-es01-1          | [2025-01-10T08:54:11,131][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [health-shards-availability]
elk-es01-1          | [2025-01-10T08:54:11,132][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [transport-netty4]
elk-es01-1          | [2025-01-10T08:54:11,133][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [aggregations]
elk-es01-1          | [2025-01-10T08:54:11,134][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [ingest-common]
elk-es01-1          | [2025-01-10T08:54:11,138][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-identity-provider]
elk-es01-1          | [2025-01-10T08:54:11,141][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [frozen-indices]
elk-es01-1          | [2025-01-10T08:54:11,143][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-text-structure]
elk-es01-1          | [2025-01-10T08:54:11,143][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-shutdown]
elk-es01-1          | [2025-01-10T08:54:11,144][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [snapshot-repo-test-kit]
elk-es01-1          | [2025-01-10T08:54:11,145][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [ml-package-loader]
elk-es01-1          | [2025-01-10T08:54:11,146][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [kibana]
elk-es01-1          | [2025-01-10T08:54:11,146][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [constant-keyword]
elk-es01-1          | [2025-01-10T08:54:11,147][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-logstash]
elk-es01-1          | [2025-01-10T08:54:11,148][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-graph]
elk-es01-1          | [2025-01-10T08:54:11,148][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-ccr]
elk-es01-1          | [2025-01-10T08:54:11,149][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-esql]
elk-es01-1          | [2025-01-10T08:54:11,161][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [parent-join]
elk-es01-1          | [2025-01-10T08:54:11,161][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [counted-keyword]
elk-es01-1          | [2025-01-10T08:54:11,162][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-enrich]
elk-es01-1          | [2025-01-10T08:54:11,163][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [repositories-metering-api]
elk-es01-1          | [2025-01-10T08:54:11,164][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [transform]
elk-es01-1          | [2025-01-10T08:54:11,165][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [repository-azure]
elk-es01-1          | [2025-01-10T08:54:11,166][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [repository-gcs]
elk-es01-1          | [2025-01-10T08:54:11,167][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [spatial]
elk-es01-1          | [2025-01-10T08:54:11,168][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [mapper-version]
elk-es01-1          | [2025-01-10T08:54:11,168][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [apm]
elk-es01-1          | [2025-01-10T08:54:11,169][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [mapper-extras]
elk-es01-1          | [2025-01-10T08:54:11,170][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-rollup]
elk-es01-1          | [2025-01-10T08:54:11,171][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [percolator]
elk-es01-1          | [2025-01-10T08:54:11,171][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-stack]
elk-es01-1          | [2025-01-10T08:54:11,172][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [data-streams]
elk-es01-1          | [2025-01-10T08:54:11,173][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [rank-eval]
elk-es01-1          | [2025-01-10T08:54:11,174][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [reindex]
elk-es01-1          | [2025-01-10T08:54:11,175][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-security]
elk-es01-1          | [2025-01-10T08:54:11,176][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [blob-cache]
elk-es01-1          | [2025-01-10T08:54:11,176][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [searchable-snapshots]
elk-es01-1          | [2025-01-10T08:54:11,179][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-slm]
elk-es01-1          | [2025-01-10T08:54:11,181][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [snapshot-based-recoveries]
elk-es01-1          | [2025-01-10T08:54:11,182][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-watcher]
elk-es01-1          | [2025-01-10T08:54:11,183][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [old-lucene-versions]
elk-es01-1          | [2025-01-10T08:54:11,184][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-ilm]
elk-es01-1          | [2025-01-10T08:54:11,184][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-inference]
elk-es01-1          | [2025-01-10T08:54:11,185][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-voting-only-node]
elk-es01-1          | [2025-01-10T08:54:11,185][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-deprecation]
elk-es01-1          | [2025-01-10T08:54:11,186][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-fleet]
elk-es01-1          | [2025-01-10T08:54:11,186][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-aggregate-metric]
elk-es01-1          | [2025-01-10T08:54:11,187][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-downsample]
elk-es01-1          | [2025-01-10T08:54:11,188][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-profiling]
elk-es01-1          | [2025-01-10T08:54:11,189][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [ingest-geoip]
elk-es01-1          | [2025-01-10T08:54:11,190][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-write-load-forecaster]
elk-es01-1          | [2025-01-10T08:54:11,191][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [search-business-rules]
elk-es01-1          | [2025-01-10T08:54:11,191][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [wildcard]
elk-es01-1          | [2025-01-10T08:54:11,192][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [ingest-attachment]
elk-es01-1          | [2025-01-10T08:54:11,192][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-apm-data]
elk-es01-1          | [2025-01-10T08:54:11,193][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-sql]
elk-es01-1          | [2025-01-10T08:54:11,194][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [unsigned-long]
elk-es01-1          | [2025-01-10T08:54:11,195][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [runtime-fields-common]
elk-es01-1          | [2025-01-10T08:54:11,195][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-async]
elk-es01-1          | [2025-01-10T08:54:11,196][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [vector-tile]
elk-es01-1          | [2025-01-10T08:54:11,196][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [lang-expression]
elk-es01-1          | [2025-01-10T08:54:11,197][INFO ][o.e.p.PluginsService     ] [9b05347c53bc] loaded module [x-pack-eql]
elk-es01-1          | [2025-01-10T08:54:13,895][INFO ][o.e.e.NodeEnvironment    ] [9b05347c53bc] using [1] data paths, mounts [[/ (overlay)]], net usable_space [947.5gb], net total_space [1006.8gb], types [overlay]
elk-es01-1          | [2025-01-10T08:54:13,897][INFO ][o.e.e.NodeEnvironment    ] [9b05347c53bc] heap size [512mb], compressed ordinary object pointers [true]
elk-es01-1          | [2025-01-10T08:54:13,916][INFO ][o.e.n.Node               ] [9b05347c53bc] node name [9b05347c53bc], node ID [ONEqACaFS3yycwDBi_CIBg], cluster name [elasticsearch], roles [data_frozen, ingest, data_cold, data, remote_cluster_client, master, data_warm, data_content, transform, data_hot, ml]
elk-es01-1          | [2025-01-10T08:54:23,975][INFO ][o.e.f.FeatureService     ] [9b05347c53bc] Registered local node features [data_stream.rollover.lazy, desired_node.version_deprecated, features_supported, health.dsl.info, health.extended_repository_indicator, usage.data_tiers.precalculate_stats]
elk-es01-1          | [2025-01-10T08:54:26,062][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [9b05347c53bc] [controller/216] [Main.cc@123] controller (64 bit): Version 8.13.2 (Build fdd7177d8c1325) Copyright (c) 2024 Elasticsearch BV
elk-es01-1          | [2025-01-10T08:54:27,073][INFO ][o.e.t.a.APM              ] [9b05347c53bc] Sending apm metrics is disabled
elk-es01-1          | [2025-01-10T08:54:27,074][INFO ][o.e.t.a.APM              ] [9b05347c53bc] Sending apm tracing is disabled
elk-es01-1          | [2025-01-10T08:54:27,157][INFO ][o.e.x.s.Security         ] [9b05347c53bc] Security is enabled
elk-es01-1          | [2025-01-10T08:54:29,496][INFO ][o.e.x.s.a.s.FileRolesStore] [9b05347c53bc] parsed [0] roles from file [/opt/elasticsearch/config/roles.yml]
elk-es01-1          | [2025-01-10T08:54:30,729][INFO ][o.e.x.s.InitialNodeSecurityAutoConfiguration] [9b05347c53bc] Auto-configuration will not generate a password for the elastic built-in superuser, as we cannot  determine if there is a terminal attached to the elasticsearch process. You can use the `bin/elasticsearch-reset-password` tool to set the password for the elastic user.
elk-es01-1          | [2025-01-10T08:54:31,570][INFO ][o.e.x.w.Watcher          ] [9b05347c53bc] Watcher initialized components at 2025-01-10T08:54:31.569Z
elk-es01-1          | [2025-01-10T08:54:31,742][INFO ][o.e.x.p.ProfilingPlugin  ] [9b05347c53bc] Profiling is enabled
elk-es01-1          | [2025-01-10T08:54:31,808][INFO ][o.e.x.p.ProfilingPlugin  ] [9b05347c53bc] profiling index templates will not be installed or reinstalled
elk-es01-1          | [2025-01-10T08:54:31,829][INFO ][o.e.x.a.APMPlugin        ] [9b05347c53bc] APM ingest plugin is disabled
elk-es01-1          | [2025-01-10T08:54:33,388][INFO ][o.e.t.n.NettyAllocator   ] [9b05347c53bc] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=512mb}]
elk-es01-1          | [2025-01-10T08:54:33,468][INFO ][o.e.i.r.RecoverySettings ] [9b05347c53bc] using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]
elk-es01-1          | [2025-01-10T08:54:33,645][INFO ][o.e.d.DiscoveryModule    ] [9b05347c53bc] using discovery type [multi-node] and seed hosts providers [settings]
elk-es01-1          | [2025-01-10T08:54:37,699][INFO ][o.e.n.Node               ] [9b05347c53bc] initialized
elk-es01-1          | [2025-01-10T08:54:37,701][INFO ][o.e.n.Node               ] [9b05347c53bc] starting ...
elk-es01-1          | [2025-01-10T08:54:37,756][INFO ][o.e.x.s.c.f.PersistentCache] [9b05347c53bc] persistent cache index loaded
elk-es01-1          | [2025-01-10T08:54:37,758][INFO ][o.e.x.d.l.DeprecationIndexingComponent] [9b05347c53bc] deprecation component started
elk-es01-1          | [2025-01-10T08:54:38,131][INFO ][o.e.t.TransportService   ] [9b05347c53bc] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}
elk-es01-1          | [2025-01-10T08:54:38,659][INFO ][o.e.c.c.ClusterBootstrapService] [9b05347c53bc] this node has not joined a bootstrapped cluster yet; [cluster.initial_master_nodes] is set to [9b05347c53bc]
elk-es01-1          | [2025-01-10T08:54:38,679][INFO ][o.e.c.c.Coordinator      ] [9b05347c53bc] setting initial configuration to VotingConfiguration{ONEqACaFS3yycwDBi_CIBg}
elk-es01-1          | [2025-01-10T08:54:39,008][INFO ][o.e.c.s.MasterService    ] [9b05347c53bc] elected-as-master ([1] nodes joined in term 1)[_FINISH_ELECTION_, {9b05347c53bc}{ONEqACaFS3yycwDBi_CIBg}{UnVI1d3GR0eU49Hbp40k4Q}{9b05347c53bc}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000} completing election], term: 1, version: 1, delta: master node changed {previous [], current [{9b05347c53bc}{ONEqACaFS3yycwDBi_CIBg}{UnVI1d3GR0eU49Hbp40k4Q}{9b05347c53bc}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}]}
elk-es01-1          | [2025-01-10T08:54:39,090][INFO ][o.e.c.c.CoordinationState] [9b05347c53bc] cluster UUID set to [RIYE-mgLS1uRCwOf1h0AAw]
elk-es01-1          | [2025-01-10T08:54:39,154][INFO ][o.e.c.s.ClusterApplierService] [9b05347c53bc] master node changed {previous [], current [{9b05347c53bc}{ONEqACaFS3yycwDBi_CIBg}{UnVI1d3GR0eU49Hbp40k4Q}{9b05347c53bc}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}]}, term: 1, version: 1, reason: Publication{term=1, version=1}
elk-es01-1          | [2025-01-10T08:54:39,255][INFO ][o.e.c.f.AbstractFileWatchingService] [9b05347c53bc] starting file watcher ...
elk-es01-1          | [2025-01-10T08:54:39,325][INFO ][o.e.c.f.AbstractFileWatchingService] [9b05347c53bc] file settings service up and running [tid=69]
elk-es01-1          | [2025-01-10T08:54:39,343][INFO ][o.e.h.AbstractHttpServerTransport] [9b05347c53bc] publish_address {172.19.0.3:9200}, bound_addresses {0.0.0.0:9200}
elk-es01-1          | [2025-01-10T08:54:39,344][INFO ][o.e.c.c.NodeJoinExecutor ] [9b05347c53bc] node-join: [{9b05347c53bc}{ONEqACaFS3yycwDBi_CIBg}{UnVI1d3GR0eU49Hbp40k4Q}{9b05347c53bc}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}] with reason [completing election]
elk-es01-1          | [2025-01-10T08:54:39,393][INFO ][o.e.n.Node               ] [9b05347c53bc] started {9b05347c53bc}{ONEqACaFS3yycwDBi_CIBg}{UnVI1d3GR0eU49Hbp40k4Q}{9b05347c53bc}{127.0.0.1}{127.0.0.1:9300}{cdfhilmrstw}{8.13.2}{7000099-8503000}{ml.allocated_processors_double=12.0, ml.allocated_processors=12, ml.machine_memory=1073741824, transform.config_version=10.0.0, xpack.installed=true, ml.config_version=12.0.0, ml.max_jvm_size=536870912}
elk-es01-1          | [2025-01-10T08:54:39,544][INFO ][o.e.g.GatewayService     ] [9b05347c53bc] recovered [0] indices into cluster_state
elk-es01-1          | [2025-01-10T08:54:39,982][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.monitoring-kibana-mb] for index patterns [.monitoring-kibana-8-*]
elk-es01-1          | [2025-01-10T08:54:40,045][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.monitoring-ent-search-mb] for index patterns [.monitoring-ent-search-8-*]
elk-es01-1          | [2025-01-10T08:54:40,104][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.monitoring-logstash-mb] for index patterns [.monitoring-logstash-8-*]
elk-es01-1          | [2025-01-10T08:54:40,119][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [elastic-connectors-settings]
elk-es01-1          | [2025-01-10T08:54:40,131][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [elastic-connectors-sync-jobs-settings]
elk-es01-1          | [2025-01-10T08:54:40,186][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [elastic-connectors-sync-jobs-mappings]
elk-es01-1          | [2025-01-10T08:54:40,230][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [behavioral_analytics-events-mappings]
elk-es01-1          | [2025-01-10T08:54:40,243][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [search-acl-filter] for index patterns [.search-acl-filter-*]
elk-es01-1          | [2025-01-10T08:54:40,268][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.ml-stats] for index patterns [.ml-stats-*]
elk-es01-1          | [2025-01-10T08:54:40,291][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [elastic-connectors-mappings]
elk-es01-1          | [2025-01-10T08:54:40,320][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding template [.monitoring-logstash] for index patterns [.monitoring-logstash-7-*]
elk-es01-1          | [2025-01-10T08:54:40,358][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding template [.monitoring-beats] for index patterns [.monitoring-beats-7-*]
elk-es01-1          | [2025-01-10T08:54:40,378][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding template [.monitoring-alerts-7] for index patterns [.monitoring-alerts-7]
elk-es01-1          | [2025-01-10T08:54:40,395][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding template [.monitoring-kibana] for index patterns [.monitoring-kibana-7-*]
elk-es01-1          | [2025-01-10T08:54:40,452][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding template [.monitoring-es] for index patterns [.monitoring-es-7-*]
elk-es01-1          | [2025-01-10T08:54:40,498][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.monitoring-beats-mb] for index patterns [.monitoring-beats-8-*]
elk-es01-1          | [2025-01-10T08:54:40,517][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.ml-notifications-000002] for index patterns [.ml-notifications-000002]
elk-es01-1          | [2025-01-10T08:54:40,531][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.ml-state] for index patterns [.ml-state*]
elk-es01-1          | [2025-01-10T08:54:40,574][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.ml-anomalies-] for index patterns [.ml-anomalies-*]
elk-es01-1          | [2025-01-10T08:54:40,658][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.monitoring-es-mb] for index patterns [.monitoring-es-8-*]
elk-es01-1          | [2025-01-10T08:54:40,667][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [synthetics-settings]
elk-es01-1          | [2025-01-10T08:54:40,682][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [logs-mappings]
elk-es01-1          | [2025-01-10T08:54:40,688][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [metrics-tsdb-settings]
elk-es01-1          | [2025-01-10T08:54:40,699][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [synthetics-mappings]
elk-es01-1          | [2025-01-10T08:54:40,722][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [ecs@dynamic_templates]
elk-es01-1          | [2025-01-10T08:54:40,732][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [metrics-settings]
elk-es01-1          | [2025-01-10T08:54:40,738][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [metrics@tsdb-settings]
elk-es01-1          | [2025-01-10T08:54:40,747][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [synthetics@settings]
elk-es01-1          | [2025-01-10T08:54:40,755][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [metrics@settings]
elk-es01-1          | [2025-01-10T08:54:40,768][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [data-streams-mappings]
elk-es01-1          | [2025-01-10T08:54:40,784][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [metrics-mappings]
elk-es01-1          | [2025-01-10T08:54:40,799][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [ecs@mappings]
elk-es01-1          | [2025-01-10T08:54:40,813][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [logs@mappings]
elk-es01-1          | [2025-01-10T08:54:40,831][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [data-streams@mappings]
elk-es01-1          | [2025-01-10T08:54:40,842][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [metrics@mappings]
elk-es01-1          | [2025-01-10T08:54:40,852][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [synthetics@mappings]
elk-es01-1          | [2025-01-10T08:54:40,924][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.kibana-reporting] for index patterns [.kibana-reporting*]
elk-es01-1          | [2025-01-10T08:54:40,937][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.slm-history-7] for index patterns [.slm-history-7*]
elk-es01-1          | [2025-01-10T08:54:40,948][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [ilm-history-7] for index patterns [ilm-history-7*]
elk-es01-1          | [2025-01-10T08:54:40,953][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [.deprecation-indexing-settings]
elk-es01-1          | [2025-01-10T08:54:40,962][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [.deprecation-indexing-mappings]
elk-es01-1          | [2025-01-10T08:54:40,974][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.fleet-fileds-fromhost-meta] for index patterns [.fleet-fileds-fromhost-meta-*]
elk-es01-1          | [2025-01-10T08:54:40,991][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.fleet-fileds-fromhost-data] for index patterns [.fleet-fileds-fromhost-data-*]
elk-es01-1          | [2025-01-10T08:54:41,003][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.fleet-fileds-tohost-meta] for index patterns [.fleet-fileds-tohost-meta-*]
elk-es01-1          | [2025-01-10T08:54:41,014][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.fleet-fileds-tohost-data] for index patterns [.fleet-fileds-tohost-data-*]
elk-es01-1          | [2025-01-10T08:54:41,037][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.watch-history-16] for index patterns [.watcher-history-16*]
elk-es01-1          | [2025-01-10T08:54:41,164][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [elastic-connectors] for index patterns [.elastic-connectors-v1]
elk-es01-1          | [2025-01-10T08:54:41,181][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [elastic-connectors-sync-jobs] for index patterns [.elastic-connectors-sync-jobs-v1]
elk-es01-1          | [2025-01-10T08:54:41,193][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [metrics] for index patterns [metrics-*-*]
elk-es01-1          | [2025-01-10T08:54:41,205][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [synthetics] for index patterns [synthetics-*-*]
elk-es01-1          | [2025-01-10T08:54:41,216][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [.deprecation-indexing-template] for index patterns [.logs-deprecation.*]
elk-es01-1          | [2025-01-10T08:54:41,300][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [.monitoring-8-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:41,426][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [ml-size-based-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:41,598][INFO ][o.e.x.c.t.IndexTemplateRegistry] [9b05347c53bc] adding ingest pipeline behavioral_analytics-events-final_pipeline
elk-es01-1          | [2025-01-10T08:54:41,599][INFO ][o.e.x.c.t.IndexTemplateRegistry] [9b05347c53bc] adding ingest pipeline logs-default-pipeline
elk-es01-1          | [2025-01-10T08:54:41,599][INFO ][o.e.x.c.t.IndexTemplateRegistry] [9b05347c53bc] adding ingest pipeline logs@default-pipeline
elk-es01-1          | [2025-01-10T08:54:41,600][INFO ][o.e.x.c.t.IndexTemplateRegistry] [9b05347c53bc] adding ingest pipeline ent-search-generic-ingestion
elk-es01-1          | [2025-01-10T08:54:41,601][INFO ][o.e.x.c.t.IndexTemplateRegistry] [9b05347c53bc] adding ingest pipeline logs@json-message
elk-es01-1          | [2025-01-10T08:54:41,602][INFO ][o.e.x.c.t.IndexTemplateRegistry] [9b05347c53bc] adding ingest pipeline logs@json-pipeline
elk-es01-1          | [2025-01-10T08:54:41,615][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [behavioral_analytics-events-settings]
elk-es01-1          | [2025-01-10T08:54:41,632][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [logs-settings]
elk-es01-1          | [2025-01-10T08:54:41,646][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding component template [logs@settings]
elk-es01-1          | [2025-01-10T08:54:41,748][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [behavioral_analytics-events-default] for index patterns [behavioral_analytics-events-*]
elk-es01-1          | [2025-01-10T08:54:41,762][INFO ][o.e.c.m.MetadataIndexTemplateService] [9b05347c53bc] adding index template [logs] for index patterns [logs-*-*]
elk-es01-1          | [2025-01-10T08:54:41,839][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [logs]
elk-es01-1          | [2025-01-10T08:54:41,924][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [synthetics]
elk-es01-1          | [2025-01-10T08:54:41,996][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [180-days-default]
elk-es01-1          | [2025-01-10T08:54:42,091][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [90-days-default]
elk-es01-1          | [2025-01-10T08:54:42,158][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [365-days-default]
elk-es01-1          | [2025-01-10T08:54:42,222][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [metrics]
elk-es01-1          | [2025-01-10T08:54:42,287][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [7-days-default]
elk-es01-1          | [2025-01-10T08:54:42,350][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [30-days-default]
elk-es01-1          | [2025-01-10T08:54:42,406][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [logs@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,472][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [synthetics@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,538][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [metrics@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,596][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [7-days@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,657][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [90-days@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,715][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [180-days@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,770][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [365-days@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,836][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [30-days@lifecycle]
elk-es01-1          | [2025-01-10T08:54:42,900][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [slm-history-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:42,970][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [watch-history-ilm-policy-16]
elk-es01-1          | [2025-01-10T08:54:43,033][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [ilm-history-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:43,106][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [.deprecation-indexing-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:43,161][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [.fleet-file-tohost-meta-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:43,213][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [.fleet-file-fromhost-data-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:43,265][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [.fleet-file-fromhost-meta-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:43,322][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [.fleet-file-tohost-data-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:43,379][INFO ][o.e.x.i.a.TransportPutLifecycleAction] [9b05347c53bc] adding index lifecycle policy [.fleet-actions-results-ilm-policy]
elk-es01-1          | [2025-01-10T08:54:43,557][INFO ][o.e.h.n.s.HealthNodeTaskExecutor] [9b05347c53bc] Node [{9b05347c53bc}{ONEqACaFS3yycwDBi_CIBg}] is selected as the current health node.
elk-es01-1          | [2025-01-10T08:54:43,776][INFO ][o.e.x.s.a.Realms         ] [9b05347c53bc] license mode is [basic], currently licensed security realms are [reserved/reserved,file/default_file,native/default_native]
elk-es01-1          | [2025-01-10T08:54:43,783][INFO ][o.e.l.ClusterStateLicenseService] [9b05347c53bc] license [2af74ecc-596a-4cb3-a292-863e9def45af] mode [basic] - valid
elk-es01-1          | [2025-01-10T08:55:00,485][WARN ][o.e.h.AbstractHttpServerTransport] [9b05347c53bc] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/172.19.0.3:9200, remoteAddress=/172.19.0.2:50664} io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
elk-es01-1          |   at io.netty.codec@4.1.94.Final/io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499)
elk-es01-1          |   at io.netty.codec@4.1.94.Final/io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652)
elk-es01-1          |   at io.netty.transport@4.1.94.Final/io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
elk-es01-1          |   at io.netty.common@4.1.94.Final/io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
elk-es01-1          |   at io.netty.common@4.1.94.Final/io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
elk-es01-1          |   at java.base/java.lang.Thread.run(Thread.java:1583)
elk-es01-1          | Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
elk-es01-1          |   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
elk-es01-1          |   at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
elk-es01-1          |   at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365)
elk-es01-1          |   at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287)
elk-es01-1          |   at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
elk-es01-1          |   at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
elk-es01-1          |   at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736)
elk-es01-1          |   at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691)
elk-es01-1          |   at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506)
elk-es01-1          |   at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482)
elk-es01-1          |   at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679)
elk-es01-1          |   at io.netty.handler@4.1.94.Final/io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:297)
elk-es01-1          |   at io.netty.handler@4.1.94.Final/io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1353)
elk-es01-1          |   at io.netty.handler@4.1.94.Final/io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1246)
elk-es01-1          |   at io.netty.handler@4.1.94.Final/io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1295)
elk-es01-1          |   at io.netty.codec@4.1.94.Final/io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529)
elk-es01-1          |   at io.netty.codec@4.1.94.Final/io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468)
elk-es01-1          |   ... 16 more
elk-es01-1          |

Exactly what command are you trying to curl with ... exactly and show the response as well. And assume you did set the passwords etc in the .env file..

Also you should start from these directions

And this yml I noticed yours is definitely different

Please find the curl I try to use and the corresponding output below. Given the containter env output showing password argument set properly.
Regarding your second point to use elasticsearch/docs/reference/setup/install/docker/docker-compose.yml at 8.17 · elastic/elasticsearch · GitHub
I've just trying to have single node of ES, Kibana, Logstach, file & metric beat.
I've also updated some paths to make to work, I believe its due to docker on windows, apart from that I couldn't find any different.

  1. unzip config/certs/ca.zip -d config/certs; to unzip /usr/share/elasticsearch/config/certs/ca.zip -d /usr/share/elasticsearch/config/certs;
  2. chown -R root:root /usr/share/elasticsearch/config/certs;
    cd /usr/share/elasticsearch/ (if I'm not changing it, it try to set it from root to each and every files & folders
  3. instead of taking docker image from docker.io, taking from orginzation repo URL
curl -v -k --cacert ca.crt -u "elastic:changeme" https://localhost:9200
*   Trying [::1]:9200...
* Connected to localhost (::1) port 9200
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server did not agree on a protocol. Uses default.
* using HTTP/1.x
* Server auth using Basic with user 'elastic'
> GET / HTTP/1.1
> Host: localhost:9200
> Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==
> User-Agent: curl/8.4.0
> Accept: */*
>
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 401 Unauthorized
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="security" charset="UTF-8"
< WWW-Authenticate: Bearer realm="security"
< WWW-Authenticate: ApiKey
< content-type: application/json
< content-length: 465
<
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}* Connection #0 to host localhost left intact
docker container inspect d6856011553a
[
    {
        "Id": "d6856011553a65724f9be695d95e8778b5450998beb1414e69340d5743533e6f",
        "Created": "2025-01-13T04:04:49.255146834Z",
        "Path": "start-elastic.sh",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 6304,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2025-01-13T04:04:59.462419122Z",
            "FinishedAt": "0001-01-01T00:00:00Z",
            "Health": {
                "Status": "starting",
                "FailingStreak": 97,
                "Log": [
                    {
                        "Start": "2025-01-13T04:21:18.563294353Z",
                        "End": "2025-01-13T04:21:19.000758469Z",
                        "ExitCode": 1,
                        "Output": ""
                    },
                    {
                        "Start": "2025-01-13T04:21:29.012120407Z",
                        "End": "2025-01-13T04:21:29.505009379Z",
                        "ExitCode": 1,
                        "Output": ""
                    },
                    {
                        "Start": "2025-01-13T04:21:39.518369125Z",
                        "End": "2025-01-13T04:21:40.070031477Z",
                        "ExitCode": 1,
                        "Output": ""
                    },
                    {
                        "Start": "2025-01-13T04:21:50.084513839Z",
                        "End": "2025-01-13T04:21:50.619872161Z",
                        "ExitCode": 1,
                        "Output": ""
                    },
                    {
                        "Start": "2025-01-13T04:22:00.634761846Z",
                        "End": "2025-01-13T04:22:01.098591155Z",
                        "ExitCode": 1,
                        "Output": ""
                    }
                ]
            }
        },
        "Image": "sha256:859bf1412324e1e9c656bb0a3d5ac3e7751294ea2a320e2797d64648a2832312",
        "ResolvConfPath": "/var/lib/docker/containers/d6856011553a65724f9be695d95e8778b5450998beb1414e69340d5743533e6f/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/d6856011553a65724f9be695d95e8778b5450998beb1414e69340d5743533e6f/hostname",
        "HostsPath": "/var/lib/docker/containers/d6856011553a65724f9be695d95e8778b5450998beb1414e69340d5743533e6f/hosts",
        "LogPath": "/var/lib/docker/containers/d6856011553a65724f9be695d95e8778b5450998beb1414e69340d5743533e6f/d6856011553a65724f9be695d95e8778b5450998beb1414e69340d5743533e6f-json.log",
        "Name": "/elk-es01-1",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "elastic",
            "PortBindings": {
                "9200/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "9200"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "ConsoleSize": [
                0,
                0
            ],
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "host",
            "Dns": null,
            "DnsOptions": null,
            "DnsSearch": null,
            "ExtraHosts": [],
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "sysbox-runc",
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 1073741824,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": null,
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": null,
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "MemoryReservation": 0,
            "MemorySwap": 2147483648,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": [
                {
                    "Name": "memlock",
                    "Hard": -1,
                    "Soft": -1
                }
            ],
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "Mounts": [
                {
                    "Type": "volume",
                    "Source": "elk_certs",
                    "Target": "/usr/share/elasticsearch/config/certs",
                    "VolumeOptions": {}
                },
                {
                    "Type": "volume",
                    "Source": "elk_esdata01",
                    "Target": "/usr/share/elasticsearch/data",
                    "VolumeOptions": {}
                }
            ],
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/7c73969b4943e9c6ef807814d4c55664432bd9be20b9e6404760bb66288bede3-init/diff:/var/lib/docker/overlay2/d7a025a3cd4982821f8d0153fc7e9a47a7e0871abb7fa93c8ad1e857e8109b06/diff:/var/lib/docker/overlay2/09fa8e5fd193ef47be9ed4f9b0f150a8c717d5be3119c09b1941bc37a700f7b5/diff:/var/lib/docker/overlay2/f8cb309b6723dcb4df75e66d3fb36c7bb3b6b15d79d462522623619083093df8/diff:/var/lib/docker/overlay2/6857dcb7b4d57e7d5cf5a68e635add4504ac90fc407effb17046ae2a7539cd7e/diff:/var/lib/docker/overlay2/4c1f6c68c12ba94061ccf4aad54fb2a5273279c3a3f1b5404be301e7f0b78dfe/diff:/var/lib/docker/overlay2/b26069182c1380cc132427f925d4a5da3c0030e84064ffae58b3ea726876e813/diff:/var/lib/docker/overlay2/c22e80398f13d0b24fe82760fb1fd252fa93b0dfff871263649a2bf03a0180f6/diff:/var/lib/docker/overlay2/ff128c7a653447a2c2857f6d659d27b840b5752dcc8750a698b5b41b388cca1f/diff:/var/lib/docker/overlay2/b22732c8f0a7e7aa0812c20252d262f2db104e7a8243c2cfceb9f9081ce3c916/diff:/var/lib/docker/overlay2/072e48dd82c95f0548f57cbb8efae27fc293a1f324ca2a3a377de047a3ff3ae5/diff:/var/lib/docker/overlay2/1e75e55c313297ea0bb5a5462a1f7fe20fdb0e51b41b19990d73181abc223ec5/diff:/var/lib/docker/overlay2/51c91cb8a73f13f7bf3fd131d6d1edc9b64d71609e52f7334bc4555571cea721/diff:/var/lib/docker/overlay2/b8fb518f8805b02a2a756eec7aae7c4e4144d8cbdc4c1668bc9eaa7289985c93/diff",
                "MergedDir": "/var/lib/docker/overlay2/7c73969b4943e9c6ef807814d4c55664432bd9be20b9e6404760bb66288bede3/merged",
                "UpperDir": "/var/lib/docker/overlay2/7c73969b4943e9c6ef807814d4c55664432bd9be20b9e6404760bb66288bede3/diff",
                "WorkDir": "/var/lib/docker/overlay2/7c73969b4943e9c6ef807814d4c55664432bd9be20b9e6404760bb66288bede3/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [
            {
                "Type": "volume",
                "Name": "elk_esdata01",
                "Source": "/var/lib/docker/volumes/elk_esdata01/_data",
                "Destination": "/usr/share/elasticsearch/data",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            },
            {
                "Type": "volume",
                "Name": "elk_certs",
                "Source": "/var/lib/docker/volumes/elk_certs/_data",
                "Destination": "/usr/share/elasticsearch/config/certs",
                "Driver": "local",
                "Mode": "z",
                "RW": true,
                "Propagation": ""
            }
        ],
        "Config": {
            "Hostname": "d6856011553a",
            "Domainname": "",
            "User": "elastic",
            "AttachStdin": false,
            "AttachStdout": true,
            "AttachStderr": true,
            "ExposedPorts": {
                "9200/tcp": {},
                "9300/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "ES_PATH_CONF=/opt/elasticsearch/config",
                "xpack.security.transport.ssl.key=certs/es01/es01.key",
                "xpack.security.transport.ssl.verification_mode=certificate",
                "xpack.license.self_generated.type=basic",
                "xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt",
                "discovery.type=single-node",
                "xpack.security.http.ssl.certificate=certs/es01/es01.crt",
                "xpack.security.transport.ssl.enabled=true",
                "xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt",
                "cluster.name=docker-cluster",
                "xpack.security.http.ssl.key=certs/es01/es01.key",
                "xpack.security.enabled=true",
                "xpack.security.transport.ssl.certificate=certs/es01/es01.crt",
                "node.name=es01",
                "ELASTIC_PASSWORD=changeme",
                "xpack.security.http.ssl.enabled=true",
                "cluster.initial_master_nodes=es01",
                "bootstrap.memory_lock=true",
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "container=oci",
                "TZ=Europe/London",
                "OPENSHIFT_IDENT_LV0=7.9-1057",
                "ELASTIC_VERSION=8.13.2",
                "ES_HOME=/opt/elasticsearch"
            ],
            "Cmd": [
                "start-elastic.sh"
            ],
            "Healthcheck": {
                "Test": [
                    "CMD-SHELL",
                    "curl -s --cacert certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'"
                ],
                "Interval": 10000000000,
                "Timeout": 10000000000,
                "Retries": 120
            },
            "Image": "nexus-amazon-dev-docker-registry.barclays.intranet/barclays-int-eqportal/elasticsearch:8.13.2-1",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {
                "Name": "unix/rhel7",
                "Release": "137",
                "Version": "7.9",
                "architecture": "x86_64",
                "build-date": "2023-06-08 10:18:45",
                "co.elastic.logs/module": "elasticsearch",
                "com.docker.compose.config-hash": "430b3ef585afd5c012a3af5613eab18a59851ceb0ffb6cb88af01bfce44b77e6",
                "com.docker.compose.container-number": "1",
                "com.docker.compose.depends_on": "setup:service_healthy:false",
                "com.docker.compose.image": "sha256:859bf1412324e1e9c656bb0a3d5ac3e7751294ea2a320e2797d64648a2832312",
                "com.docker.compose.oneoff": "False",
                "com.docker.compose.project": "elk",
                "com.docker.compose.project.config_files": "C:\\Abraham\\DockerELK\\ELK\\docker-compose.yml",
                "com.docker.compose.project.working_dir": "C:\\Abraham\\DockerELK\\ELK",
                "com.docker.compose.service": "es01",
                "com.docker.compose.version": "2.21.0",
                "com.redhat.component": "rhel-server-container",
                "com.redhat.license_terms": "https://www.redhat.com/agreements",
                "description": "The Red Hat Enterprise Linux Base image is designed to be a fully supported foundation for your containerized applications. This base image provides your operations and application teams with the packages, language runtimes and tools necessary to run, maintain, and troubleshoot all of your applications. This image is maintained by Red Hat and updated regularly. It is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. When used as the source for all of your containers, only one copy will ever be downloaded and cached in your production environment. Use this image just like you would a regular Red Hat Enterprise Linux distribution. Tools like yum, gzip, and bash are provided by default. For further information on how this image was built look at the /root/anacanda-ks.cfg file.",
                "distribution-scope": "Barclays",
                "io.buildah.version": "1.27.3",
                "io.k8s.description": "The Red Hat Enterprise Linux Base image is designed to be a fully supported foundation for your containerized applications. This base image provides your operations and application teams with the packages, language runtimes and tools necessary to run, maintain, and troubleshoot all of your applications. This image is maintained by Red Hat and updated regularly. It is designed and engineered to be the base layer for all of your containerized applications, middleware and utilities. When used as the source for all of your containers, only one copy will ever be downloaded and cached in your production environment. Use this image just like you would a regular Red Hat Enterprise Linux distribution. Tools like yum, gzip, and bash are provided by default. For further information on how this image was built look at the /root/anacanda-ks.cfg file.",
                "io.k8s.display-name": "Red Hat Enterprise Linux 7",
                "io.openshift.tags": "base rhel7",
                "maintainer": "EQ PLD BTB EMEA",
                "name": "unix/rhel7",
                "org.label-schema.description": "Elasticsearch",
                "org.label-schema.name": "elasticsearch",
                "org.label-schema.schema-version": "1.0",
                "org.label-schema.vcs-url": "https://eqbitbucket.barcapint.com/projects/PSEC/repos/pld-parent/browse/docker",
                "org.label-schema.version": "8.13.2",
                "prisma_email_alert": "PORTALDEV@barclayscapital.com",
                "release": "137",
                "summary": "Provides the latest release of Red Hat Enterprise Linux 7 in a fully featured and supported base image.",
                "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel7/images/7.9-1057",
                "vcs-ref": "a4d1f0b8a9b923ca309da182943d17fe639d8c95",
                "vcs-type": "git",
                "vendor": "Red Hat, Inc.",
                "version": "7.9"
            }
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "763388a8a53abd5df46760988f82b8946a156cfffe9aa750ce9b3086111b75a6",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "9200/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "9200"
                    }
                ],
                "9300/tcp": null
            },
            "SandboxKey": "/var/run/docker/netns/763388a8a53a",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "",
            "Gateway": "",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "",
            "IPPrefixLen": 0,
            "IPv6Gateway": "",
            "MacAddress": "",
            "Networks": {
                "elastic": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": [
                        "elk-es01-1",
                        "es01",
                        "d6856011553a"
                    ],
                    "NetworkID": "2d6f6059f16859cf18c1fc7d8df44a953b54cd2d0dede45db8a963850c873852",
                    "EndpointID": "b91f637d4408adc62d8c338056a96b1b2a5676002ee9a47484b8f39d02389956",
                    "Gateway": "172.20.0.1",
                    "IPAddress": "172.20.0.3",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:14:00:03",
                    "DriverOpts": null
                }
            }
        }
    }
]

You curl that is 401 ... Unauthorized... Wrong Password. Period. ... now why that could be a few things...

Since you don't show the password in the .env I can say if it is right or not... You need to set ELASTIC_PASSWORD and KIBANA_PASSWORD in the .env file...if you did not you need to clean everything up including the volumes and start over

The other changes you made ... Not sure why... But ok.

Try cleaning everything... Including the mounts ...that is often the problem something goes wrong early and the repeated tries does not create a new data directory so nothing really changes.

I also recommend to get Just Elasticsearch and Kibana working first

Here is my Single Node that works

# version: "2.2"

services:
  setup:
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
    user: "0"
    command: >
      bash -c '
        if [ x${ELASTIC_PASSWORD} == x ]; then
          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
          exit 1;
        elif [ x${KIBANA_PASSWORD} == x ]; then
          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
          exit 1;
        fi;
        if [ ! -f certs/ca.zip ]; then
          echo "Creating CA";
          bin/elasticsearch-certutil ca --silent --pem -out config/certs/ca.zip;
          unzip config/certs/ca.zip -d config/certs;
        fi;
        if [ ! -f certs/certs.zip ]; then
          echo "Creating certs";
          echo -ne \
          "instances:\n"\
          "  - name: es01\n"\
          "    dns:\n"\
          "      - es01\n"\
          "      - localhost\n"\
          "    ip:\n"\
          "      - 127.0.0.1\n"\
          > config/certs/instances.yml;
          bin/elasticsearch-certutil cert --silent --pem -out config/certs/certs.zip --in config/certs/instances.yml --ca-cert config/certs/ca/ca.crt --ca-key config/certs/ca/ca.key;
          unzip config/certs/certs.zip -d config/certs;
        fi;
        echo "Setting file permissions"
        chown -R root:root config/certs;
        find . -type d -exec chmod 750 \{\} \;;
        find . -type f -exec chmod 640 \{\} \;;
        echo "Waiting for Elasticsearch availability";
        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
        echo "Setting kibana_system password";
        until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
        echo "All done!";
      '
    healthcheck:
      test: ["CMD-SHELL", "[ -f config/certs/es01/es01.crt ]"]
      interval: 1s
      timeout: 5s
      retries: 120

  es01:
    depends_on:
      setup:
        condition: service_healthy
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - ${ES_PORT}:9200
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      - discovery.type=single-node
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.http.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
    mem_limit: ${ES_MEM_LIMIT}
    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

  kibana:
    depends_on:
      es01:
        condition: service_healthy
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=https://es01:9200
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
      - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: d1a66dfd-c4d3-4a0a-8290-2abcb83ab3aa
    mem_limit: ${KB_MEM_LIMIT}
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120

volumes:
  certs:
    driver: local
  esdata01:
    driver: local
  kibanadata:
    driver: local