Exception: Faraday::SSLError Elasticsearch input

I'm trying to use the Elasticsearch input, but I'm getting an error when I start the plugin. Below is my config and the error. I'm using the internal elastic super user account and the same certificate bundle that is used by all my other Logstash output pipelines to connect to Elasticsearch.

input {
  elasticsearch {
    ssl => true
    hosts => ["Host.FQDN.com:9200"]
    ca_file => "/certbun.pem"
    docinfo => true
    user => "elastic"
    password => "changeme"
    index => "rickflairwoo-*"
    query => '{ "query": { "match": { "_id": "woo1"} } }'
  }
}
[2019-08-23T10:52:34,172][ERROR][logstash.javapipeline    ] A plugin had an unrecoverable error. Will restart this plugin.
  Pipeline_id:RickFlair_Output
  Plugin: <LogStash::Inputs::Elasticsearch password=><password>, ca_file=>"/certbun.pem", hosts=>["Host.FQDN.com:9200"], query=>"{ \"query\": { \"match\": { \"_id\": \"woo1\"} } }", index=>"rickflairwoo-*", docinfo=>true, id=>"bc8e8cfe3e0735ad5078cc46ea513d0a6a57c11866ddf1a0db30fd3479b9623e", ssl=>true, user=>"elastic", enable_metric=>true, codec=><LogStash::Codecs::JSON id=>"json_5dfc1add-7d10-4393-a257-1cd954cf3ea2", enable_metric=>true, charset=>"UTF-8">, size=>1000, scroll=>"1m", docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"]>
  Error: Received fatal alert: handshake_failure
  Exception: Faraday::SSLError
  Stack: org/jruby/ext/openssl/SSLSocket.java:276:in `connect_nonblock'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/protocol.rb:44:in `ssl_socket_connect'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:985:in `connect'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924:in `do_start'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913:in `start'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465:in `request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:82:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:40:in `block in call'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:87:in `with_net_http_connection'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:32:in `call'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/rack_builder.rb:139:in `build_response'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/connection.rb:377:in `run_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/faraday.rb:23:in `block in perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/base.rb:262:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/client.rb:131:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-api-5.0.5/lib/elasticsearch/api/actions/search.rb:183:in `search'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:280:in `search_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:228:in `do_run_slice'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:209:in `do_run'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:197:in `run'
/Logstash/7.2/logstash-core/lib/logstash/java_pipeline.rb:309:in `inputworker'
/Logstash/7.2/logstash-core/lib/logstash/java_pipeline.rb:302:in `block in start_input'

Anybody got anything for this?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.