Hello ,
I use filebeat to send logs to Elasticsearch , but my configuration wan't work . I use version 8.18.1.
In Elasticsearch config file this is security settinges :
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["node-1"]
http.host: 0.0.0.0
This is filebeat configuration
filebeat.inputs:
- type: filestream
enabled: true
id: test-input
paths:
- /var/log/test_logs/*.log
output.elasticsearch:
hosts: ["https://localhost:9200"]
api_key: "rty6v5YB6WaKLqtvBbKX:dhDckloIYuUMh6kXH2jiuy"
ssl.certificate_authorities: ["/etc/elasticsearch/certs/http_ca.crt"]
ssl.certificate: "/etc/elasticsearch/certs/http.p12"
ssl.key: "/etc/elasticsearch/certs/http.p12"
Token for filebeat is generate with all privileges .
When I test connection using token I am getting :
curl: (60) SSL certificate problem: self-signed certificate in certificate chain
More details here: curl - SSL CA Certificates
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I am new to ELK stack and I don't see what I am misconfigured, does someone help me 