I've to ingest logs via smart connector to logstash. I installed x-pack and the arcsight module (Followed this link https://www.elastic.co/guide/en/logstash/current/arcsight-module.html)
In logstash.yml, I have mentioned the details as below:
modules:
- name: arcsight
var.elasticsearch.hosts: "192.168.2.142:9200"
var.elasticsearch.username: "elastic"
var.elasticsearch.password: "elastic@123"
var.kibana.host: "192.168.2.142:5601"
var.kibana.username: "kibana"
var.kibana.password: "kibana@123"
var.smartconnector.port: "5000"
No matter what I do, the port is not opening:
root@elastic:~# netcat -zv 192.168.2.141 5000
netcat: connect to 192.168.2.141 port 5000 (tcp) failed: Connection refused
When i run logstash, I get below output :
elk@ELK:~$ sudo /usr/share/logstash/bin/logstash --modules arcsight
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/_xpack'
Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/_xpack'
Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/_xpack'
Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/_xpack'
Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/_xpack'
.
.
.
Please suggest.