Hi,
Probably something easy, but i'll try anyway.
I had a working ELK-machine running 5.5.2, then i decided to upgrade to 5.6.0 and install X-pack at the same time.
I did the following:
- upgraded ES, installed X-pack
- upgraded kibana, installed X-pack
- Added the free license key
- upgraded Logstash, installed x-pack
Now when the services are running i get these errors on the machine running E+L+K
[2017-09-14T15:44:20,773][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::
HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}
Have tried the reserved logstash_system user, a superuser and also created a new logstash_user with permissions from point 1 here: https://www.elastic.co/guide/en/x-pack/current/logstash.html
This is my logstash.json output:
output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
user => logstash_user
password => logstashpassword
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
But the errors are still there.. dont really know where i should go next.
Thanks
/Micke