How to completely disable Xpack?

I have elasticsearch 7.4 running on AWS Elastic Search with Open Distro user management
with curl and basic auth - I can successful call elasticsearch root:

{  "name": "0ea36812a52dca373179a5cbe60cfa8d",  "cluster_name": "152596411899:logs",  "cluster_uuid": "ZH1QOe2TQ1Si9Jdfy62I4Q",  "version": {    "number": "7.4.2",    "build_flavor": "oss",    "build_type": "tar",    "build_hash": "unknown",    "build_date": "2020-02-06T10:08:47.217314Z",    "build_snapshot": false,    "lucene_version": "8.2.0",    "minimum_wire_compatibility_version": "6.8.0",    "minimum_index_compatibility_version": "6.0.0-beta1"  },  "tagline": "You Know, for Search"}

Im trying to setup logstash:
elasticsearch { hosts => "https://search-logs-xxxxxxxxxxxxxxxx.eu-west-1.es.amazonaws.com:443" user => "logstash" password => "xxxxxxxxxxxx" ssl => true ssl_certificate_verification => false }

also in logstash.yml i have:
xpack.monitoring.enabled: false

but on start i have an error:

[2020-03-30T21:07:43,935][ERROR][logstash.outputs.elasticsearch][main] Failed to install template. {:message=>"Got response code '401' contacting Elasticsearch at URL '[https://search-logs-XXXXXXXXXXXXX.eu-west-1.es.amazonaws.com:443/_xpack](https://search-logs-XXXXXXXXXXXXX.eu-west-1.es.amazonaws.com/_xpack)'", :class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError", :backtrace=>["/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:80:inperform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:332:in perform_request_to_url'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:319:in block in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:414:in with_connection'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:318:in perform_request'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:326:in block in Pool'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:162:in get'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/http_client.rb:378:in get_xpack_info'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/ilm.rb:57:in ilm_ready?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/ilm.rb:28:in ilm_in_use?'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/template_manager.rb:14:in install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/common.rb:197:in install_template'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.1-java/lib/logstash/outputs/elasticsearch/common.rb:53:in block in setup_after_successful_connection'"]}`

i cant call /_xpack even with curL:

"Message": "Your request: '/_xpack' is not allowed."

what im doing wrong?

I think you need to use https://github.com/awslabs/logstash-output-amazon_es?

It have one issue therefore https://github.com/awslabs/logstash-output-amazon_es/issues/154

Why classic elasticsearch plugin cant work?

fixed by set ilm_enabled => false

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.