Enable elasticsearch module from filebeat and trying to send data to elasticsearch but getting below error

Hello team,
I have enable Elasticsearch module from filebeat and trying to send data to Elasticsearch but getting below error.

Can you please help me here. Username and password is correct. but still showing below error.

2022-01-06T18:25:50.499+0400    ERROR   [publisher_pipeline_output]     pipeline/output.go:154  Failed to connect to backoff(elasticsearch(https://IP:9200)): 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}

My filebeat Elasticsearch output:

output.elasticsearch:
 # Array of hosts to connect to.
  hosts : ["https://IP:9200"]
  user : "elastic"
  password : "elastic"
  ssl.certificate_authorities: ["/etc/filebeat/kafka_ca.crt"]
  index: "siem-elk"
  setup.ilm.enabled: auto
  setup.ilm.rollover_alias: "siem-elk"
  setup.ilm.pattern: "{now/d}-000001"

setup.template.name: siem-elk
setup.template.pattern: siem-elk-*

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.