Exiting: error loading config file: yaml: line 189: did not find expected key

Hi All,
I'm trying to connect Filebeat with Elasticsearch After the configuration of filebeat.yml I'm having "Exiting: error loading config file: yaml: line 189: did not find expected key"

filebeat.inputs:

- type: log

  enabled: false

  paths:
    - /var/log/*.log

- type: filestream

  enabled: false
 
  paths:
    - /var/log/*.log

filebeat.config.modules:

  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

# ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1

# =================================== Kibana ===================================

setup.kibana:
  host: "kibana.simplitech.ai"

# ================================== Outputs ===================================

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["elasticstack.example.ai:9200"]

  # Protocol - either `http` (default) or `https`.
  protocol: "https"
  #protocol: "https"

output.elasticsearch.ssl.certificate_authorities: ["/etc/client/client-ca.crt"]
output.elasticsearch.ssl.certificate: "/etc/client/client.crt"
output.elasticsearch.ssl.key: "/etc/client/client.key"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  api_key: "cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ=="
  #api_key: "phtVKH0BMY8bmJFb-Tb5:mjMc4FjURHCqXcl_WBsuzA"
#  username: "elastic"
#  password: "changeme"

# ================================= Processors =================================
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

CURL request

curl https://elasticstack.example.com:9200/_xpack/security/_authenticate?pretty --key client.key --cert client.crt --cacert client-ca.crt -k -v -H "Authorization: ApiKey cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ=="

CURL response

*   Trying 54.211.123.112...
* TCP_NODELAY set
* Connected to elasticstack.example.com (54.211.123.112) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: client-ca.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=node-1
*  start date: Oct 21 12:28:40 2021 GMT
*  expire date: Oct 21 12:28:40 2026 GMT
*  issuer: CN=Elastic Certificate Tool Autogenerated CA
*  SSL certificate verify ok.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET /_xpack/security/_authenticate?pretty HTTP/1.1
> Host: elasticstack.example.com:9200
> User-Agent: curl/7.58.0
> Accept: */*
> Authorization: ApiKey cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ==
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< Warning: 299 Elasticsearch-7.15.2-93d5a7f6192e8a1a12e154a2b81bf6fa7309da0c "[GET /_xpack/security/_authenticate] is deprecated! Use [GET /_security/_authenticate] instead."
< content-type: application/json; charset=UTF-8
< content-length: 358
<
{
  "username" : "elastic",
  "roles" : [ ],
  "full_name" : null,
  "email" : null,
  "metadata" : {
    "_reserved" : true
  },
  "enabled" : true,
  "authentication_realm" : {
    "name" : "_es_api_key",
    "type" : "_es_api_key"
  },
  "lookup_realm" : {
    "name" : "_es_api_key",
    "type" : "_es_api_key"
  },
  "authentication_type" : "api_key"
}
* Connection #0 to host elasticstack.example.com left intact

Hi @armughan,

You need to change the line that starts with api_key: "cGh..." with this:

output.elasticsearch.api_key: "cGh..."

Make sure you remove the spaces in front. This should do the trick

Still no luck same error.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.