How to mention elasticsearch credentials in logstash config?

Shreesh_Narayanan · July 28, 2021, 10:36am

Hello,

I recently enabled x-pack security on elasticsearch and set up passwords for built-in users successfully . However now i get an error when trying to ingest some logs

[2021-07-23T13:02:58,225][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elastic:xxxxxx@172.26.207.167:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://172.26.207.167:9200/'"

here's my output section in the logstash config :- I don't want to specify password in plain text, (which works when password is mentioned in plain text) , is there way to mention the keystore value here?

The below format currently works properly

output {

 elasticsearch { hosts => ["172.26.207.167:9200"]
                        index => "logstash_viz1"
                        user => "elastic"
                        password => "test123"
                }

varunpappu · July 28, 2021, 10:54am

You can use logstash keystore and eliminate the possibility of putting username and passwords in plaintext.

This article should help you out
(Secrets keystore for secure settings | Logstash Reference [7.13] | Elastic)

system · August 25, 2021, 10:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.