I am getting following error , when i tried to connect to elastic (which is in another server) from metricbeat server. What could be the issue ? Can you guys help on it . Thanks in Advance
PS C:\ELK_PROD\Metricbeat> .\metricbeat test output
elasticsearch: https://AOSMonitor.degag.corpintra.net:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 53.36.18.220
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.3
dial up... OK
talk to server... ERROR Get "https://AOSMonitor.degag.corpintra.net:9200": Forbidden
Hmmm. Guessing from the output, it looks like the basics (name resolution of AOSMonitor using DNS) is working, which makes me suspect a firewall or proxy server somewhere not allowing you through. You could use your local web browser to try to connect to the Elasticsearch server with HTTPS, but make sure to try it with and without a proxy configuration in the browser, but I really prefer a command line tool for that kind of testing. Do PowerShell come with something that will talk HTTPS? Some type of GetUsingUrl command? If not, install some MinGW tools like curl and wget and thank me later. Cygwin will also do, but might be overkill.
Thanks for the reply..
I tried from local browser with and without proxy , i could able to open the elasticsearch server .. Still not sure why the test output is giving Forbidden
From Browser i could able to connect to Elasticsearch with or without proxy , not sure why i am not able to connect from metric beat .. Test output is giving forbidden error..
HTTPS is using TCP (Transport Control Protocol?) as its underlying protocol. Ping is using something entirely different, something called ICMP - Internet Control Message Protocol, and firewalls and routers are usually a bit more relaxed about letting ICMP packet through. But it is good that ping'ing works because it proves (again) that DNS is working and that basic IP routing is working.
Telnet is also using TCP so that is a bit confusing that it works, but not the 'test output' checks. I assume you got (encrypted) garbage when you connected to the Elasticsearch server on port 9200 ? If it was encrypted garbage that is also good, because that shows that you have (as the 'test output' shows) encryption with SSL and/or TLS set up.
You might want to see if you have openssl installed. It can be used like Telnet to talk TCP, but it also under SSL/TLS encryption. Something like openssl s_client -connect AOSMonitor.degag.corpintra.net:9200 should give you non-garbage.
Ohh - I see you are refering to tracert meaning that you are probably on a Windows machine. Then I am afraid that openssl is not an option.
Are you allowed to disable SSL encryption on the Elasticsearch server? That would be a small step forward if you could disable SSL on both the Elasticsearch server and on the Metricbeat client, and see if that made the test output succeed.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.