Filebeat is not receiving logs from logstash

[2017-07-04T14:24:02,247][ERROR][logstash.outputs.elasticsearch] Got a bad response code from server, but this code is not considered retryable. Request will be dropped {:code=>401, :response_body=>"{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication token for REST request [/_bulk]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication token for REST request [/_bulk]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}"}
[2017-07-04T14:24:04,504][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://xx.xx.x.xx:9200/, :path=>"/"}
[2017-07-04T14:24:04,509][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x5fe49749 URL:http://xx.xx.x.xx:9200/>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://xx.xx.x.xx:9200/'"}

Read above and sort it out

where to sort this out... in kibana console???

before installing x-pack in my ELK stack im not getting any issues like this... Im getting this error log after installing x-pack...:confused:

Have you configured Logstash to authenticate to ES?

Yes i did.

xpack.monitoring.elasticsearch.url: ["http://xx.xx.xx.xx:9200"]
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "password"
xpack.monitoring.enabled: true

when ever im installing x-pack im facing this issue... and filebeat also not working properly after x-pack installation...

The configuration is not correct, as its not able to authenticate.

Now i uninstalled x-pack and im not getting any issues with filebeat and logstash

See you are doing something wrong while configuring X-PACK did you follow the official tutorials ?
If you can than please share the config files with us so that we can help you better.

Yes i did.

xpack.monitoring.elasticsearch.url: ["http://xx.xx.xx.xx:9200"]
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "password"
xpack.monitoring.enabled: true

That covers the monitoring but it's the elasticsearch output plugin that's complaining. Make sure you've configured authentication there as well.

This is what i've in my elasticsearch output plugin config file.

output {
stdout { codec => rubydebug }
elasticsearch {
hosts => ["XX.XX.XX.XX:9200"]
sniffing => false
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

ah no i am sorry for the confusion .. I need to see what you have done for authentication in elasticsearch as Magnus Bäck asked above ..

This is what i've in my elasticsearch output plugin config file.

Right, and no username and password options are set. See the elasticsearch output documentation for more on how to configure authentication.

2 Likes

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.