Hello team,
I have enable Elasticsearch module from filebeat and trying to send data to Elasticsearch but getting below error.
Can you please help me here. Username and password is correct. but still showing below error.
2022-01-06T18:25:50.499+0400 ERROR [publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(elasticsearch(https://IP:9200)): 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}
My filebeat Elasticsearch output:
output.elasticsearch:
# Array of hosts to connect to.
hosts : ["https://IP:9200"]
user : "elastic"
password : "elastic"
ssl.certificate_authorities: ["/etc/filebeat/kafka_ca.crt"]
index: "siem-elk"
setup.ilm.enabled: auto
setup.ilm.rollover_alias: "siem-elk"
setup.ilm.pattern: "{now/d}-000001"
setup.template.name: siem-elk
setup.template.pattern: siem-elk-*