I am using Logstash 5.6.5. So far used elasticsearch (version 5.6.5) output with HTTP protocol and no authentication. Now Elasticsearch is being secured using basic authentication (user/password) and CA certified HTTPS URL. I don't have any control over the elasticsearch server. I just use it to output to from Logstash.
Now when I try to configure the HTTPS URL of elasticsearch with basic authentication, it fails to create the pipeline.
1. Error registering plugin {:plugin=>"#<LogStash::OutputDelegator:0x50aa9200
2. Pipeline aborted due to error {:exception=>#<URI::InvalidComponentError: bad component(expected user component):
How to fix this? I notice that there is a field called cacert which requires some PEM file. But I am not sure what to put there since the Elasticsearch server is using a CA certified SSL not a self-signed one.
Addtional question: I don't have any xpack installed. Is 'xpack' required to be purchased for HTTPS output to Elasticsearch from Logstash?
I found the root cause of the issue. There were three things to fix:
The logstash version I tested with was wrong 5.5.0. I downloaded the correct version to match with Elasticsearch Version 5.6.5.
The host I used was running on 443 port. When I didn't specify the port as below logstash appends 9200 with it. hosts => ['https://my.es.server.com']
Below configuration corrected the port used by logstash. hosts => ['https://my.es.server.com:443']
I was missing proxy connection settings. proxy => 'http://my.proxy.com:80'
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.