Hi All,
I'm trying to connect Filebeat with Elasticsearch. After configuring filebeat.yml I'm getting "Exiting: error loading config file: yaml: line 189: did not find expected key".
filebeat.inputs:
- type: log
enabled: false
paths:
- /var/log/*.log
- type: filestream
enabled: false
paths:
- /var/log/*.log
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
# ======================= Elasticsearch template setting =======================
setup.template.settings:
index.number_of_shards: 1
# =================================== Kibana ===================================
setup.kibana:
host: "kibana.simplitech.ai"
# ================================== Outputs ===================================
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["elasticstack.example.ai:9200"]
# Protocol - either `http` (default) or `https`.
protocol: "https"
#protocol: "https"
output.elasticsearch.ssl.certificate_authorities: ["/etc/client/client-ca.crt"]
output.elasticsearch.ssl.certificate: "/etc/client/client.crt"
output.elasticsearch.ssl.key: "/etc/client/client.key"
# Authentication credentials - either API key or username/password.
#api_key: "id:api_key"
api_key: "cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ=="
#api_key: "phtVKH0BMY8bmJFb-Tb5:mjMc4FjURHCqXcl_WBsuzA"
# username: "elastic"
# password: "changeme"
# ================================= Processors =================================
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
CURL request
curl https://elasticstack.example.com:9200/_xpack/security/_authenticate?pretty --key client.key --cert client.crt --cacert client-ca.crt -k -v -H "Authorization: ApiKey cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ=="
CURL response
* Trying 54.211.123.112...
* TCP_NODELAY set
* Connected to elasticstack.example.com (54.211.123.112) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: client-ca.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Client hello (1):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.3 (OUT), TLS Unknown, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=node-1
* start date: Oct 21 12:28:40 2021 GMT
* expire date: Oct 21 12:28:40 2026 GMT
* issuer: CN=Elastic Certificate Tool Autogenerated CA
* SSL certificate verify ok.
* TLSv1.3 (OUT), TLS Unknown, Unknown (23):
> GET /_xpack/security/_authenticate?pretty HTTP/1.1
> Host: elasticstack.example.com:9200
> User-Agent: curl/7.58.0
> Accept: */*
> Authorization: ApiKey cGh0VktIMEJNWThibUpGYi1UYjU6bWpNYzRGalVSSENxWGNsX1dCc3V6QQ==
>
* TLSv1.3 (IN), TLS Unknown, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS Unknown, Unknown (23):
< HTTP/1.1 200 OK
< X-elastic-product: Elasticsearch
< Warning: 299 Elasticsearch-7.15.2-93d5a7f6192e8a1a12e154a2b81bf6fa7309da0c "[GET /_xpack/security/_authenticate] is deprecated! Use [GET /_security/_authenticate] instead."
< content-type: application/json; charset=UTF-8
< content-length: 358
<
{
"username" : "elastic",
"roles" : [ ],
"full_name" : null,
"email" : null,
"metadata" : {
"_reserved" : true
},
"enabled" : true,
"authentication_realm" : {
"name" : "_es_api_key",
"type" : "_es_api_key"
},
"lookup_realm" : {
"name" : "_es_api_key",
"type" : "_es_api_key"
},
"authentication_type" : "api_key"
}
* Connection #0 to host elasticstack.example.com left intact
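
A pre-flight check for two things visible in the settings above, as an added example that is not part of the original post: an indented key that follows a key which already has an inline value (a layout a YAML parser rejects), and an `api_key` stored in the base64 form used in the `Authorization: ApiKey` header rather than the `id:api_key` form the config comment asks for. The post as shown carries no indentation, so the layout in `SAMPLE` is an assumption; `lint`, `api_key_form`, the host name and the key value are constructed for illustration.

```python
import base64
import re

# Constructed sample, not the poster's file: a column-0 dotted key interrupts the
# output.elasticsearch block (an assumed layout), and api_key holds a base64 value.
SAMPLE = '''\
output.elasticsearch:
  hosts: ["es.example.test:9200"]
  protocol: "https"
output.elasticsearch.ssl.certificate: "/etc/client/client.crt"
  api_key: "ZXhhbXBsZS1pZDpleGFtcGxlLXNlY3JldA=="
'''

# indent, optional "- " list marker, key, optional inline value
KEY = re.compile(r'^(\s*)((?:-\s+)?)([^\s#:][^:]*?):(?:\s+(.*))?$')

def api_key_form(value):
    """'id:key' is what filebeat.yml expects; 'base64' is the Authorization header form."""
    if ':' in value:
        return 'id:key'
    try:
        decoded = base64.b64decode(value, validate=True).decode('ascii')
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return 'unknown'
    return 'base64' if ':' in decoded else 'unknown'

def lint(text):
    """Return (line_no, message) findings for the two problems described above."""
    findings, prev_indent, prev_has_value = [], 0, False
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if not m:
            continue  # blank lines, comments, plain list items
        indent = len(m.group(1)) + len(m.group(2))  # column where the key starts
        key, value = m.group(3), (m.group(4) or '').strip()
        if value.startswith('#') or value in ('|', '>'):
            value = ''  # trailing comment or block scalar: the key opens a nested block
        if indent > prev_indent and prev_has_value:
            findings.append((no, f"'{key}' is indented under a key that already has a value"))
        if key == 'api_key' and api_key_form(value.strip('"\'')) == 'base64':
            findings.append((no, "api_key is base64; filebeat.yml takes the raw id:api_key"))
        prev_indent, prev_has_value = indent, bool(value)
    return findings

if __name__ == '__main__':
    for no, msg in lint(SAMPLE):
        print(f'line {no}: {msg}')
```

Keeping the TLS settings nested under `output.elasticsearch` as `ssl.certificate_authorities`, `ssl.certificate` and `ssl.key` avoids the first finding; `filebeat test config` and `filebeat test output` then confirm the file parses and the output authenticates.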