Hi everyone, i configured logstash pipeline and yml, from logs I can see that I receive something but when logstash tries to connect to elasticsearch it fails giving me
[2022-10-20T08:26:09,740][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://es01:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/'"}
[2022-10-20T08:26:09,756][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Got response code '401' contacting Elasticsearch at URL 'https://es01:9200/_xpack'"}
I tried to curl with
curl --cacert ./path-to-cert.crt -u user:pwd https://es01:9200
and it works perfectly fine, as I receive
{
"name" : "es01",
"cluster_name" : "docker-cluster",
"cluster_uuid" : "mbfmRyDnRMCXZxifDx8McQ",
"version" : {
"number" : "8.4.1",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "2bd229c8e56650b42e40992322a76e7914258f0c",
"build_date" : "2022-08-26T12:11:43.232597118Z",
"build_snapshot" : false,
"lucene_version" : "9.3.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
logstash.conf:
input {
udp {
port => "5044"
}
}
output {
elasticsearch {
hosts => ["https://es01:9200"]
ssl => true
ssl_certificate_verification => true
cacert => "/path-to-ca.crt"
user => "user"
password => "pwd"
index => "nas-%{+YYYY.MM.dd}"
}
}
logstash.yml:
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "https://es01:9200" ]
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/path-to-ca.crt"
let me know if you need the docker-compose I used to create all containers, I really don't know what to do anymore since with curl I am able to connect to elasticsearch