I can not send logs to elastic cloud

Hugo_Pacini · November 4, 2021, 12:57pm

I'm trying to send logs from Serilogs to Elastic Cloud but doesn't work and I can not see errors. Can I send logs to test using Postman?

The URL is https://my-custom-domain.es.eastus2.azure.elastic-cloud.com:9243

var uri = new Uri(configuration["ElasticSearchUrl"]);
            var sinkOptions = new ElasticsearchSinkOptions(uri)
            {
                AutoRegisterTemplate = true,
                ModifyConnectionSettings = x => x.BasicAuthentication(configuration["ElasticUser"], configuration["ElasticPass"]),
                IndexFormat = $"custom-log-{Assembly.GetExecutingAssembly().GetName().Name.ToLower().Replace('.', '-')}-{DateTime.Now:yyyy-MM}",
            };
            
            Log.Logger = new LoggerConfiguration()
                .ReadFrom.Configuration(configuration)
                .Enrich.FromLogContext()
                .Enrich.WithMachineName()
                .WriteTo.Console()
                .WriteTo.Elasticsearch(sinkOptions)
                .Enrich.WithProperty("Environment", env)
                .CreateLogger();

warkolm · November 4, 2021, 11:02pm

Welcome to our community!

You can use postman to test, yes.
If there's no output from serilog then it's going to be very hard to provide any sort of assistance unfortunately.

Hugo_Pacini · November 5, 2021, 6:57pm

I cannot see any error in the vs console. Where can I see it? For that reason, I ask if there is a way to check that endpoint works well with the postman. Maybe do a post for that elastic URI and given index in order to check if the problem is about the Serilog and not credentials or the endpoint.

stephenb · November 5, 2021, 8:16pm

@Hugo_Pacini Welcome to the community!

You can certainly try a POST.

Remember Elasticsearch expects JSON, you don't need the port 9243 either

POST application/json

curl -u "username:password" -d '{"key1":"value1", "key2":"value2"}' -H "Content-Type: application/json" -X POST "https://my-custom-domain.es.eastus2.azure.elastic-cloud.com/indexname/_doc"

with a data file

curl  -u "username:password" -d "@data.json" -H "Content-Type: application/json"  -X POST "https://my-custom-domain.es.eastus2.azure.elastic-cloud.com/indexname/_doc"

Hugo_Pacini · November 6, 2021, 1:19pm

@stephenb Thanks for your answer. I've tried tested as you say but I always get a 401 with the following response. I've tested with all combinations "user:password" that I could. Just to know, I use the same credentials that I use to log in to the cloud.

{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [username@domain] for REST request [/my-index/_doc]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [username@domain] for REST request [/my-index/_doc]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}

stephenb · November 6, 2021, 2:16pm

Well that's your problem.. the cluster credentials are not the same as the Cloud Console credentials.

A 401 confirms that because that is the code for not authorized

When you created the cluster a dialog box popped up with the cluster credentials You should have copied that and that would be what you would use for interaction with Elasticsearch..

If you do not have that set of credentials which will be elastic and a password You can reset it using the instructions here

system · December 4, 2021, 2:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.