The official Elasticsearch output plugin documentation (https://www.elastic.co/guide/en/x-pack/current/logstash.html) says that username and password should be added to each of input {}, filter {}, and the Elasticsearch output. However, when using the documented config, Logstash refuses to start.
When username/password is added to the input{} section, the log says:
[2017-06-15T12:19:22,223][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Expected one of #, { at line 10, column 8 (byte 112) after input {\n tcp {\n port => 5000\n type => syslog\n }\n udp {\n port => 5000\n type => syslog\n }\n user "}
When username/password is added to the filter{} section, the log says:
[2017-06-15T12:23:32,696][ERROR][logstash.agent ] Cannot create pipeline {:reason=>"Expected one of #, { at line 25, column 8 (byte 603) after filter {\n if [type] == \"syslog\" {\n grok {\n match => { \"message\" => \"%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\\[%{POSINT:syslog_pid}\\])?: %{GREEDYDATA:syslog_message}\" }\n add_field => [ \"received_at\", \"%{@timestamp}\" ]\n add_field => [ \"received_from\", \"%{host}\" ]\n }\n date {\n match => [ \"syslog_timestamp\", \"MMM d HH:mm:ss\", \"MMM dd HH:mm:ss\" ]\n }\n }\n user "}
Please update the documentation.