I receive this error in filebeat can I help me

alex_base · October 12, 2023, 12:59pm

I receive this error in filebeat {"log.level":"error","@timestamp":"2023-10-12T12:30:33.238Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":148},"message":"Failed to connect to backoff(elasticsearch(https://elasticsearch:9200)): Get \"https://elasticsearch:9200\": x509: certificate has expired or is not yet valid: current time 2023-10-12T12:29:40Z is before 2023-10-12T12:29:46Z","service.name":"filebeat","ecs.version":"1.6.0"}
This is my filebeat.yml

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      templates:
        - condition.or:
            - contains.docker.container.image: ${IMAGE_APP}:${IMAGE:TAG}
            - contains.docker.container.image: ${IMAGE_APP}:${IMAGE:TAG}
            - contains.docker.container.image: ${IMAGE_APP}:${IMAGE:TAG}
          config:        
            - type: container
              paths:
                - /var/lib/docker/containers/${data.docker.container.id}/*.log
processors:
  - add_docker_metadata:
      host: "unix:///var/run/docker.sock"
# ##################################################
# The regexp Pattern that has to be matched. The example pattern matches all lines starting with [
multiline.pattern: ^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} - *$
# Defines if the pattern set under pattern should be negated or not. Default is false.
multiline.negate: true
# Match can be set to "after" or "before". It is used to define if lines should be append to a pattern
multiline.match: after

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  hosts: ${ELASTIC_HOSTS} 
  index: "file_lucual18-%{+yyyy.MM.dd}"
  indices:
    - index: "condor_nest-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        docker.container.image: registry.gitlab.com/lucual18/condor/condor-nest
    - index: "condor_crag-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        docker.container.image: registry.gitlab.com/lucual18/condor/condor-crag
    - index: "invoicy_v2-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        docker.container.image: registry.gitlab.com/lucual18/invoicy/invoicy_v2/invoicy-appv2/pre

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"
  username: ${ELASTIC_USERNAME}
  password: ${ELASTIC_PASSWORD}

  # Use SSL settings for HTTPS.
  ssl.enabled: true

  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: "certs/ca/ca.crt"

  # Certificate for SSL client authentication
  ssl.certificate: "certs/elasticsearch/elasticsearch.crt"

  # Client certificate key
  ssl.key: "certs/elasticsearch/elasticsearch.key"

setup.template.name: "file_lucual18"
setup.template.pattern: "file_lucual18-*"

#kibana setup
setup.kibana:
  host: ${KIBANA_HOSTS}
  username: ${ELASTIC_USER}
  password: ${ELASTIC_PASSWORD}
  setup.dashboards.enabled: true

setup.dashboards.retry.interval: 10s
setup.dashboards.retry.maximum: 5
setup.ilm.enabled: false
setup.ilm.check_exists: false
logging.json: true
logging.metrics.enabled: false

Rios · October 12, 2023, 2:19pm

I think the certificate is valid now. If you still have an issue, try to add, just temporary: ssl.verification_mode: none

alex_base · October 12, 2023, 5:38pm

Really I dont know what happens because I run this command from filebeat container: curl --cacert /tmp/ca.crt -u elastic:changeme https://localhost:9200 the reponse its:

{
  "name" : "elasticsearch",
  "cluster_name" : "ll-monitoring",
  "cluster_uuid" : "g-sdsfwrRTRBB9XMiezjYWQ",
  "version" : {
    "number" : "8.10.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "9d8s8d9f8d9g9hg9f8d9faca96427de4622e970e9e",
    "build_date" : "2023-09-19T08:16:24.564900370Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

Rios · October 13, 2023, 9:23am

This is a workaround, establish HTTPS, but do not check the certificate.
Might be you don't have permission to certs. Should be investigated.

system · November 10, 2023, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat 8.15.1 connection error when writing monitoring data Beats elastic-stack-monitoring , filebeat	3	137	September 16, 2024
Sync.go:85: ERR Failed to publish events caused by: EOF Beats filebeat	11	4568	October 10, 2017
Failed to connect to backoff(elasticsearch(http://172.18.158.52:9200)) Beats filebeat	5	1001	April 17, 2024
"Failed to connect" error Beats filebeat	11	15492	September 12, 2018
Failed to connect to backoff - Filebeat and ELK in different environemnts with NAT Beats filebeat	6	11859	December 10, 2018

I receive this error in filebeat can I help me

Related Topics