Logstash Doesnt Connect to ES Cluster after enabling Xpack

Hi,

Please help to identify the configuration issue of Logstash, the Stack version is 7.4.0

Logstash stopped working after enabling xpack.
It is three node cluster and it is up.
Logstash Debug shows following error, there are two errors

  1. [2019-11-06T17:52:48,070][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Use either "cacert" or "truststore" when configuring the CA certificate"}

  2. [2019-11-06T17:53:04,877][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://115.110.89.12:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://115.110.89.12:9200/][Manticore::ClientProtocolException] 115.110.89.12:9200 failed to respond"}

Here is output section of logstash.conf file.


output {
if [type] == "esxisyslog" {
elasticsearch {
hosts => ["115.110.89.12:9200"]
ssl => true
cacert => '/etc/logstash/elastic-certificates.p12'
user => "elastic"
password => "xxxx"
index => "prod-esxi-syslogs-%{+YYYY.MM}"
}
else if [type] == "unixsyslog" {
elasticsearch {
hosts => ["115.110.89.12:9200"]
ssl => true
cacert => '/etc/logstash/elastic-certificates.p12'
user => "elastic"
password => "xxxxx"

     index => "prod-linux-syslogs-%{+YYYY.MM}"
     }

}
stdout {codec => rubydebug}
}


  1. Here is logstash.yml file configuration for xpack monitoring

###########################################################

X-Pack Monitoring

https://www.elastic.co/guide/en/logstash/current/monitoring-logstash.html

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: Pass@123
xpack.monitoring.elasticsearch.hosts: ["http://115.110.89.12:9200"]
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
xpack.monitoring.elasticsearch.ssl.certificate_authority: /etc/logstash/elastic-certificates.p12
xpack.monitoring.elasticsearch.ssl.truststore.path: /etc/logstash/elastic-stack-ca.p12

#xpack.monitoring.elasticsearch.ssl.truststore.password: password
#xpack.monitoring.elasticsearch.ssl.keystore.path: /path/to/file
#xpack.monitoring.elasticsearch.ssl.keystore.password: password
#xpack.monitoring.elasticsearch.ssl.verification_mode: certificate
#xpack.monitoring.elasticsearch.sniffing: false
#xpack.monitoring.collection.interval: 10s
#xpack.monitoring.collection.pipeline.details.enabled: true

X-Pack Management

https://www.elastic.co/guide/en/logstash/current/logstash-centralized-pipeline-management.html

#xpack.management.enabled: false
#xpack.management.pipeline.id: ["main", "apache_logs"]
#xpack.management.elasticsearch.username: logstash_admin_user
#xpack.management.elasticsearch.password: P@ssword
#xpack.management.elasticsearch.hosts: ["https://115.110.89.12:9200", "https://115.110.89.18:9200", "https://115.110.89.51"]
#xpack.management.elasticsearch.ssl.certificate_authority: [ "/path/to/ca.crt" ]
#xpack.management.elasticsearch.ssl.truststore.path: /path/to/file
#xpack.management.elasticsearch.ssl.truststore.password: password
#xpack.management.elasticsearch.ssl.keystore.path: /path/to/file
#xpack.management.elasticsearch.ssl.keystore.password: password
#xpack.management.elasticsearch.ssl.verification_mode: certificate
#xpack.management.elasticsearch.sniffing: false
#xpack.management.logstash.poll_interval: 5s


  1. xpack configuration in elasticsearch.yml file

###########################################################

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12

############################################################

I have the question,too
MY version is 7.4.2
and I alse don't why

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.