Illegal Character Authority Error Elasticsearch Filter

When performing an Elasticsearch filter query, I get the below error (I've replaced sensitive values with an equivilent number of Xs.

[WARN ][logstash.filters.elasticsearch] Failed to query elasticsearch for previous event {:index=>"servicenow-*", :error=>"Illegal character in authority at index 8: https://{:host=>\"xxxxxxxxx.xxxxxxxxx.net:9200\", :scheme=>\"https\", :protocol=>\"https\", :port=>9200}:9200/servicenow-%2A/_search?q=number%3AXXX0029703&size=1&sort=%40timestamp%3Adesc"}

What does it mean by, illegal character in authority at index 8?

1 Like

That is an elasticsearch question, not a logstash question :slight_smile:

I figured out the issue, it was with the elasticsearch filter and a bug in it. I had to remove ssl => enabled and use https:// in the hosts field.

2 Likes

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.