logstash | [2023-01-27T11:56:05,943][INFO ][logstash.javapipeline ][.monitoring-logstash] Pipeline started {"pipeline.id"=>".monitoring-logstash"}
logstash | [2023-01-27T11:56:05,956][INFO ][logstash.agent ] Pipelines running {:count=>2, :running_pipelines=>[:main, :".monitoring-logstash"], :non_running_pipelines=>}
logstash | [2023-01-27T11:56:06,191][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
logstash | [2023-01-27T12:09:23,612][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://127.0.0.1:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://127.0.0.1:9200/'"}
The error is pretty clear, you have an authorization issue, check your username and password, also, remove the / in the end of the host, not sure if this can lead to some issue, but you do not need it at the end.
I haven't defined 127.0.0.1:9200 anywhere in the logstash..yaml and config file.
Also In the logs I am to able see logstash is able to make the connection with ip the of the host (100.2.X.X:9200) . But after that somehow this 127.0.0.1 is getting added in the pool and then trying to make the connection with this .. which I am not able to figured it out.
NOTE : this issue I am getting after I have added basic authentication in ELK , And I verified I am giving the correct credentials in logstash , even I verified manually also , you can see it is able to authenticate with the actual IP of the host.
It sounds like you have legacy xpack monitoring enabled. You have two pipelines -- main (your pipeline) and monitoring-logstash. I believe that is xpack. See here. The default address to which monitoring information is sent is localhost. So if you require authorisation then that will also require authorisation.
could you please elaborate , what do u mean by "if you require authorisation then that will also require authorisation." ,
Do u mean I need it add 127.0.0.1 in the hosts list in the yaml and conf file.
Thanks In Advance
I am saying that if you have added "basic authentication in ELK" then you need to configure a username and password for xpack. See the fourth item in the documentation I linked to.
That I have already added in both yaml and conf file. Also I can see logstash is able to authenticate with the ip of the host machine, but after that it is trying to connect with 127.0.0.1 then the above error throwing
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.