Hello World!
I'm trying to follow Configuring Security in Logstash | Logstash Reference [7.17] | Elastic, specifically these:
- Configuring Logstash to use Basic Authentication
- Granting Users Access to the Logstash Indices
yet when I start Logstash instance, I get the following error:
logstash | [2023-01-17T21:58:00,448][INFO ][logstash.outputs.elasticsearch][gelf] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://elasticsearch:9200"]}
logstash | [2023-01-17T21:58:00,497][INFO ][logstash.outputs.elasticsearch][gelf] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://logstash_user:xxxxxx@elasticsearch:9200/]}}
logstash | [2023-01-17T21:58:00,669][WARN ][logstash.outputs.elasticsearch][gelf] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://logstash_user:xxxxxx@elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '403' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
the actual username is working fine:
% curl --silent --request GET "http://logstash_user:XYZ@elasticsearch:9200/_security/_authenticate?pretty"
{
"username" : "logstash_user",
"roles" : [
"logstash_reader",
"logstash_admin"
],
"full_name" : "",
"email" : "",
"metadata" : { },
"enabled" : true,
"authentication_realm" : {
"name" : "basic1",
"type" : "native"
},
"lookup_realm" : {
"name" : "basic1",
"type" : "native"
},
"authentication_type" : "realm"
}
%
Please advise.