Exiting: error loading config file: yaml: line 189: did not find expected key

armughan · November 16, 2021, 11:49am

Hi All,
I'm trying to connect Filebeat with Elasticsearch After the configuration of filebeat.yml I'm having "Exiting: error loading config file: yaml: line 189: did not find expected key"

filebeat.inputs:

- type: log

  enabled: false

  paths:
    - /var/log/*.log

- type: filestream

  enabled: false
 
  paths:
    - /var/log/*.log

filebeat.config.modules:

  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

# ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1

# =================================== Kibana ===================================

setup.kibana:
  host: "kibana.simplitech.ai"

# ================================== Outputs ===================================

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["elasticstack.example.ai:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"
  #protocol: "https"

output.elasticsearch.ssl.certificate_authorities: ["/etc/client/client-ca.crt"]
output.elasticsearch.ssl.certificate: "/etc/client/client.crt"
output.elasticsearch.ssl.key: "/etc/client/client.key"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  api_key: "cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ=="
  #api_key: "phtVKH0BMY8bmJFb-Tb5:mjMc4FjURHCqXcl_WBsuzA"
#  username: "elastic"
#  password: "changeme"

# ================================= Processors =================================
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

CURL request

curl https://elasticstack.example.com:9200/_xpack/security/_authenticate?pretty --key client.key --cert client.crt --cacert client-ca.crt -k -v -H "Authorization: ApiKey cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ=="

CURL response

*   Trying 54.211.123.112...
* TCP_NODELAY set
* Connected to elasticstack.example.com (54.211.123.112) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: client-ca.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=node-1
*  start date: Oct 21 12:28:40 2021 GMT
*  expire date: Oct 21 12:28:40 2026 GMT
*  issuer: CN=Elastic Certificate Tool Autogenerated CA
*  SSL certificate verify ok.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET /_xpack/security/_authenticate?pretty HTTP/1.1
> Host: elasticstack.example.com:9200
> User-Agent: curl/7.58.0
> Accept: */*
> Authorization: ApiKey cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ==
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< Warning: 299 Elasticsearch-7.15.2-93d5a7f6192e8a1a12e154a2b81bf6fa7309da0c "[GET /_xpack/security/_authenticate] is deprecated! Use [GET /_security/_authenticate] instead."
< content-type: application/json; charset=UTF-8
< content-length: 358
<
{
  "username" : "elastic",
  "roles" : [ ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "_es_api_key",
    "type" : "_es_api_key"
  },
  "lookup_realm" : {
    "name" : "_es_api_key",
    "type" : "_es_api_key"
  },
  "authentication_type" : "api_key"
}
* Connection #0 to host elasticstack.example.com left intact

afgomez · November 16, 2021, 12:47pm

Hi @armughan,

You need to change the line that starts with api_key: "cGh..." with this:

output.elasticsearch.api_key: "cGh..."

Make sure you remove the spaces in front. This should do the trick

armughan · November 17, 2021, 6:37am

Still no luck same error.

system · December 15, 2021, 6:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.