I have elasticsearch 7.4 running on AWS Elastic Search with Open Distro user management
with curl and basic auth - I can successful call elasticsearch root:
{ "name": "0ea36812a52dca373179a5cbe60cfa8d", "cluster_name": "152596411899:logs", "cluster_uuid": "ZH1QOe2TQ1Si9Jdfy62I4Q", "version": { "number": "7.4.2", "build_flavor": "oss", "build_type": "tar", "build_hash": "unknown", "build_date": "2020-02-06T10:08:47.217314Z", "build_snapshot": false, "lucene_version": "8.2.0", "minimum_wire_compatibility_version": "6.8.0", "minimum_index_compatibility_version": "6.0.0-beta1" }, "tagline": "You Know, for Search"}
Im trying to setup logstash:
elasticsearch { hosts => "https://search-logs-xxxxxxxxxxxxxxxx.eu-west-1.es.amazonaws.com:443" user => "logstash" password => "xxxxxxxxxxxx" ssl => true ssl_certificate_verification => false }
also in logstash.yml i have:
xpack.monitoring.enabled: false
but on start i have an error:
[2020-03-30T21:07:43,935][ERROR][logstash.outputs.elasticsearch][main] Failed to install template. {:message=>"Got response code '401' contacting Elasticsearch at URL '[https://search-logs-XXXXXXXXXXXXX.eu-west-1.es.amazonaws.com:443/_xpack](https://search-logs-XXXXXXXXXXXXX.eu-west-1.es.amazonaws.com/_xpack)'", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:80:in
perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:332:in perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:319:in
block in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:414:in with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:318:in
perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:326:in block in Pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:162:in
get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:378:in get_xpack_info'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/ilm.rb:57:in
ilm_ready?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/ilm.rb:28:in ilm_in_use?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/template_manager.rb:14:in
install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/common.rb:197:in install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/common.rb:53:in
block in setup_after_successful_connection'"]}`
i cant call /_xpack even with curL:
"Message": "Your request: '/_xpack' is not allowed."
what im doing wrong?