Thank you @sai_kiran1
The error has been corrected.
I've got this error now:
[2022-11-18T09:39:12,383][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://192.168.1.30:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://192.168.1.30:9200/'"}
[2022-11-18T09:39:12,398][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://192.168.1.40:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://192.168.1.40:9200/'"}
[2022-11-18T09:39:12,414][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://192.168.1.50:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://192.168.1.50:9200/'"}
an authentication problem ?
I created the API key with this command from a master node:
now it seems that the api key does not allow me to create an index action [indices:admin/auto_create] is unauthorized for API key id [Db8XioQBml7AGtpq8v1N] of user [elastic], this action is granted by the index privileges [auto_configure,create_index,manage,all]"}}
[2022-11-18T14:25:13,992][INFO ][logstash.outputs.elasticsearch][main][e8b005d4a7ee170090677c839c32fa98a5385a0ae7de03cb7f8cb5e018f712c6] Retrying failed action {:status=>403, :action=>["create", {:_id=>nil, :_index=>"logs-generic-default", :routing=>nil}, {"type"=>"syslog", "syslog_pid"=>"774", "syslog_timestamp"=>"Nov 18 14:24:41", "syslog_hostname"=>"syslog-server", "@version"=>"1", "received_from"=>"{\"ip\":\"192.168.1.110\"}", "syslog_message"=>"Unregistered Authentication Agent for unix-process:1713:1793129 (system bus name :1.37, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8) (disconnected from bus)", "@timestamp"=>2022-11-18T13:24:41.000Z, "syslog_program"=>"polkitd", "message"=>"<85>Nov 18 14:24:41 syslog-server polkitd[774]: Unregistered Authentication Agent for unix-process:1713:1793129 (system bus name :1.37, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8) (disconnected from bus)", "received_at"=>"2022-11-18T13:24:42.054523607Z", "host"=>{"ip"=>"192.168.1.110"}, "event"=>{"original"=>"<85>Nov 18 14:24:41 syslog-server polkitd[774]: Unregistered Authentication Agent for unix-process:1713:1793129 (system bus name :1.37, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8) (disconnected from bus)"}, "data_stream"=>{"type"=>"logs", "dataset"=>"generic", "namespace"=>"default"}}], :error=>{"type"=>"security_exception", "reason"=>"action [indices:admin/auto_create] is unauthorized for API key id [D7_lioQBml7AGtpqPP0i] of user [elastic] on indices [logs-generic-default], this action is granted by the index privileges [auto_configure,create_index,manage,all]"}}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.