Hi,
I have a logstash config which works fine with my local Elasticsearch instance but when i try to push to a remote instance config gives error at startup as follows:
Using default mapping template
[2021-10-07T13:17:25,981][INFO ][logstash.outputs.Elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2021-10-07T13:17:26,028][WARN ][org.logstash.instrument.metrics.gauge.LazyDelegatingGauge][main] A gauge metric of an unknown type (org.jruby.specialized.RubyArrayOneObject) has been created for key: cluster_uuids. This may result in invalid serialization. It is recommended to log an issue to the responsible developer/development team.
[2021-10-07T13:17:26,028][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>12, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1500, "pipeline.sources"=>["C:/logstash-7.6.2/config/logstash-grok.conf"], :thread=>"#<Thread:0x59254081 run>"}
[2021-10-07T13:17:26,075][ERROR][logstash.outputs.Elasticsearch][main] Failed to install template. {:message=>"Got response code '403' contacting Elasticsearch at URL 'https://mysite.com:443/_template/logstash'", :class=>"LogStash::Outputs::Elasticsearch::HttpClient::Pool::BadResponseCodeError", :backtrace=>["C:/logstash-7.6.2/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-10.3.3-java/lib/logstash/outputs/Elasticsearch/http_client/manticore_adapter.rb:80:in perform_request'", "C:/logstash-7.6.2/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.3-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:332:in
perform_request_to_url'", "C:/logstash-7.6.2/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-10.3.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:319:in block in perform_request'", "C:/logstash-7.6.2/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.3-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:414:in
with_connection'", "C:/logstash-7.6.2/vendor/bundle/jruby/2.5.0/gems/logstash-output-Elasticsearch-10.3.3-java/lib/logstash/outputs/Elasticsearch/http_client/pool.rb:318:in perform_request'", "C:/logstash-7.6.2/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.3.3-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:326:in
block in Pool'",
I have default template settings.
My input looks like this
input {
beats {
port => 5044
}
}
filter {
### I have tried with the simplest filter too
}
output {
elasticsearch {
hosts => ["https://mysite.com:443"]
user => "logstash_user"
password => "myp@ssword"
index => "offline-%{[name]}-%{[logtype]}-%{+YYYY.MM.dd}"
document_id => "%{[@metadata][fingerprint]}"
}
}
Please share what is wrong here?
Thanks