Got response code '401' contacting Elasticsearch at URL

Hi,
Probably something easy, but i'll try anyway.
I had a working ELK-machine running 5.5.2, then i decided to upgrade to 5.6.0 and install X-pack at the same time.

I did the following:

  • upgraded ES, installed X-pack
  • upgraded kibana, installed X-pack
  • Added the free license key
  • upgraded Logstash, installed x-pack

Now when the services are running i get these errors on the machine running E+L+K

[2017-09-14T15:44:20,773][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::
HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}

Have tried the reserved logstash_system user, a superuser and also created a new logstash_user with permissions from point 1 here: https://www.elastic.co/guide/en/x-pack/current/logstash.html

This is my logstash.json output:
output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
user => logstash_user
password => logstashpassword
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

But the errors are still there.. dont really know where i should go next.

Thanks

/Micke

Have you looked at https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html and https://www.elastic.co/guide/en/x-pack/current/setting-up-authentication.html?

Added the free license key

Can you clarify this?

If you are using the free Basic license type, then it doesn't include support for X-Pack security.
That shouldn't be causing the errors you're seeing - in fact quite the opposite - but it does suggest that there might be something more complex going on under the covers.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.