FluentBit not able to connect to ElasticSearch even with username password given in config

I am using an AWS EC2 server for running a single-node Elasticsearch instance. I have Kibana installed on the same server.

I am able to configure 'FluentD' to this node with security enabled, but not 'Fluent-bit'. I am getting a 'broken connection' error.

When I tried to change the security settings in Elasticsearch, Kibana is not working. I tried adding 'kibana_system' username and password too. Nothing works.

I have the following questions:

  1. What is the config that needs to be updated for Fluentbit to start pushing logs to ES with Security Enabled in ES?

  2. If Xpack Security is disabled in ES, then how can we make Kibana work?

ES yml

network.host: 0.0.0.0
discovery.type: single-node
http.port: 9200
discovery.seed_hosts: ["x.x.x.x"]
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

Kibana yml:

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.username: "kibana_system"
elasticsearch.password: "xxxx"

Fluent Bit config:

[SERVICE]
    Parsers_File /parser.config
[FILTER]
    Name parser
    Match *
    Key_Name log
    Parser json
    Reserve_Data On
    Preserve_Key On
[OUTPUT]
    Name es
    Match *
    Type _doc
    Include_Tag_Key On
    Suppress_Type_Name On
    Tag_Key tag
    Trace_Error On
    host https://x.x.x.x
    port 9200
    HTTP_User ${esUser}
    HTTP_Passwd ${esPassword}
    tls On
    tls.verify Off
    Logstash_Format On
    Logstash_DateFormat %Y.%m.%d
    Logstash_Prefix fluentbit-${ServiceName}

Fluentbit is running as a Docker container.
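An added example, not part of the original post or of the Fluent Bit project's own material: the [OUTPUT] section above with the Host value written as a bare address (the es output takes an IP address or hostname there, and HTTPS is selected by `tls On`) and with certificate verification turned back on. Assumptions: the CA path is a placeholder for a PEM copy of the CA that signed `certs/http.p12`, mounted into the container, and `esUser`, `esPassword` and `ServiceName` are set in the container's environment.

```ini
[OUTPUT]
    Name                es
    Match               *
    # Bare IP address or hostname, no "https://" prefix.
    Host                x.x.x.x
    Port                9200
    # Resolved from the container's environment variables.
    HTTP_User           ${esUser}
    HTTP_Passwd         ${esPassword}
    # "tls On" is what makes the connection HTTPS.
    tls                 On
    # Validate the server certificate instead of "tls.verify Off".
    tls.verify          On
    # Placeholder path (assumption): PEM file of the CA behind certs/http.p12.
    tls.ca_file         /path/to/http_ca.pem
    Type                _doc
    Suppress_Type_Name  On
    Include_Tag_Key     On
    Tag_Key             tag
    Trace_Error         On
    Logstash_Format     On
    Logstash_DateFormat %Y.%m.%d
    Logstash_Prefix     fluentbit-${ServiceName}
```

The account behind `${esUser}` needs write access to the `fluentbit-*` indices; `kibana_system` is a built-in account reserved for Kibana's own connection to Elasticsearch.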

Hello! This forum is for our Elastic Security solution, not the security of the stack itself (confusing, I know!). I am moving your message to a better forum to get you an answer.
