Elasticsearch, logstash, filebeat, kibana 6.4 x-pack Security issue


(Eloy Sanchez) #1

Hello,

I configured my logstash output as noted here:https://www.elastic.co/guide/en/beats/filebeat/current/logstash-output.html

I created the logstash pipeline as noted here: https://www.elastic.co/guide/en/elastic-stack-get-started/6.4/get-started-elastic-stack.html#logstash-setup

When I go to load the template manually as noted here: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html#load-template-manually

I receive this message:

Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://"172.16.1.16:9200/%22: Get https://"172.16.1.16:920/%22: lookup "172.16.1.16: no such host]

I looked up the error and it seems that I need to create the filebeat_writer user, as noted here: https://www.elastic.co/guide/en/beats/filebeat/6.4/beats-basic-auth.html When I attempt to do that within Kibana\Dev tools, I'm receiving the below message when I attempt to create a user as noted here: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html#load-template-manually

{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "current license is non-compliant for [security]",
"license.expired.feature" : "security"
}
],
"type" : "security_exception",
"reason" : "current license is non-compliant for [security]",
"license.expired.feature" : "security"
},
"status" : 403
}

It was my understanding that x-pack is now part of the latest version 6.4, so why am I receiving this error message?

Thank you,

Eloy Sanchez


(Bhavya R M) #2

Hi,

What's your license? If you downloaded the default distribution - then your license is basic and doesn't have security. You can update to trial using license management under management and then try it up.

Thanks,
Bhavya


(Eloy Sanchez) #3

Thanks bhavyarm,

I referred to https://www.elastic.co/subscriptions Can you tell me how to get a trial license for the Gold and how long it would be valid for? We need those features to successfully get logstash/beats to send syslog/pcap data to our elasticsearch/kibana server.

Eloy Sanchez


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.