I am getting this error, i have a AWS ELK POC cluster(1 node), i am using filebeat to ingest data, getting this error
With curl i can create index, any suggestions, thanks
elasticsearch/client.go:317 Failed to perform any bulk index operations: 403 Forbidden:
403 Forbidden
Forbidden
You don't have permission to access /_bulk
on this server.
If you are using AWS ES you may need to send the data through Logstash and use the amazon_es output as AWS ES as far as I know does not support the standard HTTP auth.
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
# Array of hosts to connect to.
#hosts: ["https://log-xxx.com:443"]
# Optional protocol and basic auth credentials.
# protocol: "https"
# username: "elastic"
# password: "changeme"
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
#hosts: ["localhost:5044"]
hosts: ["log-xxx.com:443"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
ssl.certificate_authorities: ["/etc/pki/tls/chain.pem"]
# Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
# Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
If i want to use elasticsearch output, i will comment logstash portion of the config.
I also see ping request failed with: 403 Forbidden: {"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header
How are you authenticating using curl? Filebeat supports HTTP basic auth, which I think AWS ES does not. You might be able to do something at your proxy layer if you have one, or introduce a Logstash node into the flow.
I ran below command as root, filebeat also running as root on the same node
curl -v -k -H 'Content-Type: application/json' -XPUT "https://aws-es-url.com/test/external/1?pretty" -d '{"name": "CreateIndex", "type": "test1"}'
2018-11-02T23:32:20.681Z DEBUG [monitoring] elasticsearch/elasticsearch.go:197 Monitoring could not connect to elasticsearch, failed with X-Pack capabilities query failed with: 403 Forbidden: {"message":"Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Basic YmVhdHNfc3lzdGVtOg=="}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.