I'm trying to use the Elasticsearch input, but I'm getting an error when I start the plugin. Below is my config and the error. I'm using the internal elastic super user account and the same certificate bundle that is used by all my other Logstash output pipelines to connect to Elasticsearch.
input {
elasticsearch {
ssl => true
hosts => ["Host.FQDN.com:9200"]
ca_file => "/certbun.pem"
docinfo => true
user => "elastic"
password => "changeme"
index => "rickflairwoo-*"
query => '{ "query": { "match": { "_id": "woo1"} } }'
}
}
[2019-08-23T10:52:34,172][ERROR][logstash.javapipeline ] A plugin had an unrecoverable error. Will restart this plugin.
Pipeline_id:RickFlair_Output
Plugin: <LogStash::Inputs::Elasticsearch password=><password>, ca_file=>"/certbun.pem", hosts=>["Host.FQDN.com:9200"], query=>"{ \"query\": { \"match\": { \"_id\": \"woo1\"} } }", index=>"rickflairwoo-*", docinfo=>true, id=>"bc8e8cfe3e0735ad5078cc46ea513d0a6a57c11866ddf1a0db30fd3479b9623e", ssl=>true, user=>"elastic", enable_metric=>true, codec=><LogStash::Codecs::JSON id=>"json_5dfc1add-7d10-4393-a257-1cd954cf3ea2", enable_metric=>true, charset=>"UTF-8">, size=>1000, scroll=>"1m", docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"]>
Error: Received fatal alert: handshake_failure
Exception: Faraday::SSLError
Stack: org/jruby/ext/openssl/SSLSocket.java:276:in `connect_nonblock'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/protocol.rb:44:in `ssl_socket_connect'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:985:in `connect'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924:in `do_start'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913:in `start'
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465:in `request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:82:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:40:in `block in call'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:87:in `with_net_http_connection'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/adapter/net_http.rb:32:in `call'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/rack_builder.rb:139:in `build_response'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/faraday-0.9.2/lib/faraday/connection.rb:377:in `run_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/faraday.rb:23:in `block in perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/base.rb:262:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/transport/http/faraday.rb:20:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-transport-5.0.5/lib/elasticsearch/transport/client.rb:131:in `perform_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/elasticsearch-api-5.0.5/lib/elasticsearch/api/actions/search.rb:183:in `search'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:280:in `search_request'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:228:in `do_run_slice'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:209:in `do_run'
/Logstash/7.2/vendor/bundle/jruby/2.5.0/gems/logstash-input-elasticsearch-4.3.1/lib/logstash/inputs/elasticsearch.rb:197:in `run'
/Logstash/7.2/logstash-core/lib/logstash/java_pipeline.rb:309:in `inputworker'
/Logstash/7.2/logstash-core/lib/logstash/java_pipeline.rb:302:in `block in start_input'