Hello
Could use some help with a fresh ELK installation on premises. I installed Elasticstack and Kibana with mostly default configuration. In the Elasticstack conf I changed the data path and uncommented the host and port settings. In Kibana I uncommented host, port and publicBaseUrl.
When starting Elasticstack I was given a first-time user and token. When starting Kibana for the first time I got to insert that token and logging in worked. So far so good.
Then I installed Logstash and made a simple pipe config, where the input is syslog and the output is Elasticstack. But I get errors:
Logstash:
[2022-10-28T12:38:03,467][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"x.x.x.x:9200 failed to respond", :exception=>Manticore::ClientProtocolException, :cause=>#<Java::OrgApacheHttp::NoHttpResponseException: x.x.x.x:9200 failed to respond>}
Elasticsearch:
[2022-10-28T12:37:58,446][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [ELK] received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/x.x.x.x:9200, remoteAddress=/x.x.x.x:54377}
It seems like an authentication problem. When I tested with Elasticsearch security turned off it started sending fine, but that also removes the user login part that I like.
What do I need to add in Logstash to make it work with authentication?
I tried to change:
output {
  elasticsearch {
    hosts => ["x.x.x.x:9200"]
  }
}
hosts to include http / https as well, but it didn't change anything.
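
An added example, not part of the original post: the Elasticsearch warning above shows plaintext HTTP arriving on a TLS-enabled port, so the output needs an https URL, the CA that signed the Elasticsearch HTTP certificate, and credentials. The CA path, the `logstash_writer` user and the `ES_PWD` variable are placeholders assumed for illustration.

```logstash
output {
  elasticsearch {
    # https:// scheme so the client speaks TLS to the secured HTTP layer
    hosts    => ["https://x.x.x.x:9200"]

    # Enable TLS and trust the CA that issued the Elasticsearch HTTP certificate.
    # Placeholder path: point it at a copy of the CA file readable by Logstash.
    ssl      => true
    cacert   => "/path/to/http_ca.crt"

    # Hypothetical dedicated account with only the privileges needed to write
    # to the target indices, rather than the built-in superuser.
    user     => "logstash_writer"

    # Resolved from the Logstash keystore or the environment, so the secret
    # is not stored in the pipeline file.
    password => "${ES_PWD}"
  }
}
```

Newer releases of the elasticsearch output plugin name these options `ssl_enabled` and `ssl_certificate_authorities`. Keep certificate verification enabled rather than switching it off to silence trust errors.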