Logstash cant connect to Elasticsearch

I am getting the below error when I am starting the logstash

[2019-04-09T17:19:18,094][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://localhost:9300/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://localhost:9300/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

My Logstash.config file input:

input {
beats {
port => 5044
}
}

Output:

if [type] == "smaccess" or [type] == "smps" or [type] == "agent" or [type] == "agenttrace" {
stdout { codec => rubydebug }
elasticsearch {
hosts => [ "localhost:9300" ]
index => "siteminder-%{+YYYY.MM.dd}"
ssl => true
ssl_certificate_verification => true
truststore => "/etc/xuv0/apps/elk/elasticsearch-6.5.4/config/client.truststore.jks"
truststore_password => storepass
}
} else {
elasticsearch {
hosts => [ "localhost:9300" ]
ssl => true
ssl_certificate_verification => true
truststore => "/etc/xuv0/apps/elk/elasticsearch-6.5.4/config/client.truststore.jks"
truststore_password => storepass
}
}
}

Can anyone please help me on this? I am not sure why does is it say dead ES instance, both the ports 9200 and 9300 are up and running. Also I gave the correct path to the truststore but still it says can't find the certification path. Please help.

It is telling you it cannot establish a connection. The reason for that is that it cannot validate the certificate that elasticsearch is presenting.

I cannot test it, but if I recall correctly you need the chain in the truststore, not just the leaf certificate.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.