Hi, can anyone help me? I have an Elasticsearch cluster with basic security enabled, and I want to send some CSV data through Logstash, which I installed later, after Elasticsearch. So I followed this instruction: Configuring SSL, TLS, and HTTPS to secure Elasticsearch, Kibana, Beats, and Logstash | Elastic Blog. But I got this error when I ran the command
./logstash --debug
This is the log generated:
{"level":"ERROR","loggerName":"logstash.licensechecker.licensereader","timeMillis":1645615253634,"thread":"LogStash::Runner","logEvent":{"message":"Unable to retrieve license information from license server","message":"Elasticsearch Unreachable: [https://logstash_system:xxxxxx@10.27.3.218:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors"}}
{"level":"DEBUG","loggerName":"logstash.licensechecker.licensemanager","timeMillis":1645615253644,"thread":"LogStash::Runner","logEvent":{"message":"updating observers of xpack info change"}}
{"level":"DEBUG","loggerName":"logstash.monitoring.internalpipelinesource","timeMillis":1645615253668,"thread":"LogStash::Runner","logEvent":{"message":"updating licensing state installed:false,\n license:<no license loaded>,\n features:<no features loaded>,\n last_updated:}"}}
{"level":"ERROR","loggerName":"logstash.monitoring.internalpipelinesource","timeMillis":1645615253677,"thread":"LogStash::Runner","logEvent":{"message":"Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster."}}
{"level":"DEBUG","loggerName":"logstash.config.sourceloader","timeMillis":1645615253679,"thread":"LogStash::Runner","logEvent":{"message":"Adding source","source":"#<LogStash::Monitoring::InternalPipelineSource:0x75ab999f>"}}
{"level":"INFO","loggerName":"logstash.agent","timeMillis":1645615254026,"thread":"Api Webserver","logEvent":{"message":"Successfully started Logstash API endpoint","port":9600}}
{"level":"DEBUG","loggerName":"org.reflections.Reflections","timeMillis":1645615254674,"thread":"Converge PipelineAction::Create<difo>","logEvent":{"message":"going to scan these urls:\njar:file:/pbnosql1/appl/logstash-7.14.2/logstash-core/lib/jars/logstash-core.jar!/"}}
{"level":"INFO","loggerName":"org.reflections.Reflections","timeMillis":1645615254754,"thread":"Converge PipelineAction::Create<difo>","logEvent":{"message":"Reflections took 79 ms to scan 1 urls, producing 120 keys and 417 values "}}
{"level":"DEBUG","loggerName":"logstash.instrument.periodicpoller.jvm","timeMillis":1645615267335,"thread":"pool-5-thread-1","logEvent":{"message":"collector name","name":"ParNew"}}
{"level":"DEBUG","loggerName":"logstash.instrument.periodicpoller.jvm","timeMillis":1645615267335,"thread":"pool-5-thread-1","logEvent":{"message":"collector name","name":"ConcurrentMarkSweep"}}
^[{"level":"DEBUG","loggerName":"logstash.outputs.elasticsearch","timeMillis":1645615270229,"thread":"Ruby-0-Thread-11: :1","logEvent":{"message":"Waiting for connectivity to Elasticsearch cluster, retrying in 16s"}}
{"level":"DEBUG","loggerName":"logstash.outputs.elasticsearch","timeMillis":1645615271261,"thread":"Ruby-0-Thread-10: :1","logEvent":{"message":"Running health check to see if an ES connection is working","url":"https://difo:xxxxxx@10.27.3.218:9200/","path":"/"}}
{"level":"WARN","loggerName":"logstash.outputs.elasticsearch","timeMillis":1645615271296,"thread":"Ruby-0-Thread-10: :1","logEvent":{"message":"Attempted to resurrect connection to dead ES instance, but got an error","url":"https://difo:xxxxxx@10.27.3.218:9200/","exception":{"metaClass":{"metaClass":{"exception":"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError","message":"Elasticsearch Unreachable: [https://difo:xxxxxx@10.27.3.218:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors"}}}}}
This is my logstash.yml:
# ------------ Node identity ------------
node.name: logstash01
# ------------ Pipeline Settings --------------
pipeline.ordered: false
# ------------ HTTP API Settings -------------
http.host: 10.27.3.221
http.port: 9600
# ------------ Debugging Settings --------------
log.format: json
# ------------ X-Pack Settings (not applicable for OSS build)--------------
#
# X-Pack Monitoring
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: Bcabca01
xpack.monitoring.elasticsearch.hosts: ["https://10.27.3.218:9200"]
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/pbnosql1/appl/logstash-7.14.2/config/certs/ca.crt"
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
And this is my Logstash config:
input {
  file {
    path => "/pbnosql1/data/difo/difo.csv"
    start_position => "beginning"
  }
}
filter {
  csv {
    columns => [
      "Transaction_Name",
      "Channel_Name",
      "Reference_Number",
      "Account_Number",
      "Customer_Number",
      "Customer_Name",
      "Transaction_Date",
      "Source"
    ]
    separator => ","
  }
  mutate {
    convert => {
      "Customer_Number" => "string"
      "Account_Number" => "string"
    }
  }
  date {
    match => [ "Transaction_Date", "yyyy-MM-dd HH:mm:ss.SSS",
               "yyyy-MM-dd HH:mm:ss,SSS",
               "yyyy-MM-dd HH:mm:ss",
               "yyyy-MM-dd HH:mm:ss.SSSZ",
               "MMM D, yyyy HH:mm:ss.SSS a z",
               "ISO8601",
               "dd/MM/yyyy" ]
    #target => "time" @timestamp
    locale => "en"
    timezone => "Asia/Jakarta"
  }
}
output {
  elasticsearch {
    hosts => ["https://10.27.3.218:9200"]
    ssl => true
    ssl_certificate_verification => true
    cacert => '/pbnosql1/appl/logstash-7.14.2/config/certs/ca.crt'
    user => difo
    password => difoapp
    index => "difo_sample"
  }
}
I have tried generating a new certificate for this logstash01 using elasticsearch-certutil and elasticsearch-certgen, and I have also tried to use the first Elasticsearch ca.crt. But it still doesn't work properly. Any suggestions to solve this problem? Thanks
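An added example, not part of the original post and not Logstash code: a small Python triage script for JSON-format Logstash logs like the one above, listing which logger and which user failed to trust which Elasticsearch endpoint. The sample lines are constructed from the log in the post, and the function names are made up for this example.

```python
import json
import re

# Constructed sample shaped like the JSON log lines in the post (log.format: json).
# Line 1 repeats the "message" key; line 3 has a stray "^[" and a nested exception.
PKIX = ("[Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert."
        "CertPathValidatorException: Path does not chain with any of the trust anchors")
SAMPLE = "\n".join([
    '{"level":"ERROR","loggerName":"logstash.licensechecker.licensereader","logEvent":{"message":"Unable to retrieve license information from license server","message":"Elasticsearch Unreachable: [https://logstash_system:xxxxxx@10.27.3.218:9200/]%s"}}' % PKIX,
    '{"level":"INFO","loggerName":"logstash.agent","logEvent":{"message":"Successfully started Logstash API endpoint","port":9600}}',
    '^[{"level":"WARN","loggerName":"logstash.outputs.elasticsearch","logEvent":{"message":"Attempted to resurrect connection to dead ES instance, but got an error","exception":{"metaClass":{"message":"Elasticsearch Unreachable: [https://difo:xxxxxx@10.27.3.218:9200/]%s"}}}}' % PKIX,
])

# "[https://user:secret@host:port/" -> group 2 = user, group 3 = host:port
URL_RE = re.compile(r"\[(https?)://(?:([^:@/\]]+)(?::[^@/\]]*)?@)?([^/\]]+)")

def keep_duplicates(pairs):
    """object_pairs_hook: json.loads keeps only the last duplicate key, so collect all."""
    out = {}
    for key, value in pairs:
        out.setdefault(key, []).append(value)
    return out

def strings(node):
    """Yield every string nested anywhere in the parsed event."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings(child)

def trust_failures(log_text):
    """Return {endpoint: [(logger, user), ...]} for 'trust anchors' PKIX errors."""
    hits = {}
    for line in log_text.splitlines():
        start = line.find("{")  # skip terminal debris such as "^["
        try:
            event = json.loads(line[start:] if start >= 0 else "",
                               object_pairs_hook=keep_duplicates)
        except json.JSONDecodeError:
            continue
        logger = event.get("loggerName", ["?"])[0]
        for text in strings(event):
            m = URL_RE.search(text)
            if m and "trust anchors" in text:
                entry = (logger, m.group(2))  # the password is never kept
                if entry not in hits.setdefault(m.group(3), []):
                    hits[m.group(3)].append(entry)
    return hits
```

When the monitoring logger and the output logger both report the same endpoint, the common factor is the ca.crt that both settings point at, which should be compared with the CA that issued the certificate on that node's HTTP layer.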