Filebeat 401 Unauth

d3sire · June 5, 2018, 11:47pm

Hey,

I have set up filebeat with elasticsearch output. My ES instance is behind nginx reverse proxy with basic auth. I have tested my login:password with curl and everything works fine. However, I keep getting 401 unauthorized errors in my filebeat logs.

filebeat version 6.2.4 (amd64), libbeat 6.2.4

Here is my beat config:

filebeat.prospectors:

- type: log

  enabled: false

  paths:
    - /var/log/*.log

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml

  reload.enabled: false

setup.template.settings:
  index.number_of_shards: 3

setup.kibana:
  host: "myhost:port"
  protocol: "https"
  path: "/kibana"
  username: "login"
  password: "changeme"

output.elasticsearch:
  hosts: ["myhost:port"]
  protocol: "https"
  username: "elastic"
  password: "changeme"
  path: "/elastic"

d3sire · June 6, 2018, 1:04pm

Figured out what was the problem. For anyone who will have the same problem pay attention to the path, it should exactly match the one in the nginx. I had location /elastic/ in the nginx and path /elastic in the filbeat config. After nginx made a redirection to the needed path the auth header was omitted and 401 was returned as a result.

system · July 4, 2018, 3:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(https://<ES_URL>)): 401 Unauthorized Beats filebeat	5	2032	May 12, 2020
Beats issue with keystore and Nginx basic auth Beats	3	519	April 29, 2019
Unable to test output with Filebeat to Elasticsearch Beats filebeat	2	1169	October 4, 2021
Unable to connect filebeat with elasticsearch " Authentication to realm default_native failed" Beats filebeat	2	1318	September 25, 2022
How to filebeat logs to elastic cloud Beats elastic-stack-security , docker , filebeat	2	487	April 6, 2022

Filebeat 401 Unauth

Related topics