Dear team,
I have enabled TLS on the cluster and wanted to switch communication between Logstash and Elasticsearch to a secure protocol. After I set everything up, I received the following error while starting Logstash (btw, the password is correct, I tried it):
[2021-06-01T11:35:43,223][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash_write:xxxxxx@10.194.144.63:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'https://10.194.144.63:9200/'"}
My output pipe:
elasticsearch {
  hosts => [ "https://10.194.144.64", "https://10.194.144.62", "https://10.194.144.63" ]
  cacert => "/app/products/logstash/conf/certs/elasticsearch-ca.pem"
  index => "log-beancounter"
  user => "logstash_write"
  password => "*******"
  template => "/app/products/logstash/conf/templates/log-beancounter.json"
  template_name => "log-beancounter"
  template_overwrite => "true"
  manage_template => true
  document_id => "%{[@metadata][fingerprint]}"
}
The user has the following role assigned (I believe it is sufficient to do any operations):
{
  "logstash_write" : {
    "cluster" : [
      "manage_ilm",
      "manage_index_templates",
      "manage_ingest_pipelines",
      "manage_rollup",
      "read_ilm",
      "monitor",
      "manage",
      "all"
    ],
    "indices" : [
      {
        "names" : [
          "*"
        ],
        "privileges" : [
          "all"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [ ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}