Elasticsearch filter, ca_file problem

Elastic Stack Logstash
1

Hi Im trying to use elasticsearch filter and I get this error:

Host name 'my-elastic-ip' does not match the certificate subject provided by the peer (CN=instance)>

this is my conf:

filter{
elasticsearch {
    hosts => ["https://my-elastic-ip:9200"]
    user => "my-user"
    password => "my-pass"
    ca_file => "/usr/share/logstash/certificates/newfile.crt.pem"
    ssl => false
    index => ["canvas"]
    query => "id:%{[id]}"
    result_size => 1
    fields => {"id" =>"existe"}
    }
}

the certificate Im using is the same that I use in the elasticsearch output, and it works

output {
        elasticsearch {
            hosts => ["https://my-elastic-ip:9200"]
            cacert => "/usr/share/logstash/certificates/newfile.crt.pem"
            ssl_certificate_verification => false
            index => "canvas"
            user => "my-user"
            password => "my-pass"
        }
}

What kind of certificate I need to use in the elasticsearch filter? and how can I create one?

Thanks!

Full error log:

{
    :pipeline_id=>"main",
    :exception=>#<Manticore: :UnknownException: Host name 'my-elastic-ip' does not match the certificate subject provided by the peer (CN=instance)>,
    :backtrace=>[
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in `block in initialize'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:in `call'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:274:in `call_once'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:158:in `code'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/manticore.rb:84:in `block in perform_request'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/base.rb:262:in `perform_request'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/manticore.rb:67:in `perform_request'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/client.rb:131:in `perform_request'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/elasticsearch-api-5.0.5/lib/elasticsearch/api/actions/ping.rb:20:in `ping'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-elasticsearch-3.6.0/lib/logstash/filters/elasticsearch.rb:192:in `test_connection!'",
        "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-elasticsearch-3.6.0/lib/logstash/filters/elasticsearch.rb:74:in `register'",
        "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:56:in `register'",
        "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:192:in `block in register_plugins'",
        "org/jruby/RubyArray.java:1792:in `each'",
        "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:191:in `register_plugins'",
        "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:463:in `maybe_setup_out_plugins'",
        "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:204:in `start_workers'",
        "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:146:in `run'",
        "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:105:in `block in start'"
    ],
    :thread=>"#<Thread:0x34c540dc run>"
}
2

I can curl to elastic form the logstash machine using the --cacert and -k options. :person_shrugging:

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.