I just upgraded to Release 5.4 of the ELK Stack and have installed x-pack for ElasticSearch, Kibana, and Logstash.
Here are my .yml settings used:
ElasticSearch:
xpack.monitoring.elasticsearch.url: "http://localhost:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: ""
Kibana:
xpack.monitoring.elasticsearch.url: "http://localhost:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: ""
Logstash:
xpack.monitoring.elasticsearch.url: "http://localhost:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: ""
Logstash.conf:
elasticsearch {
document_type => "ExceptionLogInfo"
index => "exceptionlog-%{+YYYY.MM.dd}"
user => logstash_internal
password => logstash_internal_password
}
What I am seeing in my logstash-plain log file is this:
[logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x41b5bf37 URL:http://logstash_system:xxxxxx@localhost:9200/_xpack/monitoring/?system_id=logstash&system_api_version=2&interval=1s>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"
From everything that I've read it looks like I have everything configured correctly yet I continue to get this error and don't know why so any help / assistance would be greatly appreciated.
TIA,
Bill Youngman