Logstash is unable to send data when Elastic is configured with SSL in 7.1

Prashant_Agrawal · May 29, 2019, 4:08pm

Hello Team,
I have setup one box setup of Elastic and Kibana with SSL and HTTPS.

I used the ca.crt as generated by
openssl pkcs12 -in elastic-stack-ca.p12 -out ca.crt -nokeys

As well as tried the instance.crt generated by:
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --pem

But while running the logstash it is giving the error.. Conf and log details are as below:

ls_conf_snippet:
[root@ip-172-31-28-36 pagrawal]# cat Aladdin_ls.conf

input {
elasticsearch {
hosts => "https://localhost:9200"
index => "twitter1,twitter2"
ssl => "true"
ca_file => "/etc/elasticsearch/ca.crt"
}
}

Error:

[2019-05-28T16:44:09,344][ERROR][logstash.javapipeline ] A plugin had an unrecoverable error. Will restart this plugin.
Pipeline_id:main
Plugin: <LogStash::Inputs::Elasticsearch index=>"twitter1,twitter2", id=>"b95e5e59170b162a01d02cc7cd65c379bcb33a7623ba487ea7760e3ce7b7de1d", ca_file=>"/etc/elasticsearch/ca.crt", ssl=>true, hosts=>["https://localhost:9200"], enable_metric=>true, codec=><LogStash::Codecs::JSON id=>"json_979ce11c-6f98-4a53-acbd-547cd2f738cd", enable_metric=>true, charset=>"UTF-8">, query=>"{ "sort": [ "_doc" ] }", size=>1000, scroll=>"1m", docinfo=>false, docinfo_target=>"@metadata", docinfo_fields=>["_index", "_type", "_id"]>
Error: Failed to open TCP connection to https:0 (initialize: name or service not known)
Exception: Faraday::ConnectionFailed

Whereas curl works fine with same ca.crt:

[root@ip-172-31-28-36 pagrawal]# curl --cacert /etc/elasticsearch/ca.crt -XGET https://localhost:9200/_cat/indices?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_task_manager TmJ9H1__Tk-VbO7cMbCQ_Q 1 0 2 2 9.3kb 9.3kb

Any thoughts ?

Prashant_Agrawal · June 2, 2019, 7:21am

Hello Team,

Any thoughts or updates..

Prashant_Agrawal · June 4, 2019, 12:35pm

An update: Logstash with output as elasticsearch works fine with the ca.crt generated as per this post, where as it does not work for logstash input as elasticsearch.

Logstash working conf as output:

input {
    stdin {} 
}
output {
	stdout {codec => rubydebug}
	elasticsearch {
		hosts => ["https://172.31.28.36:9200"]
		cacert => "/etc/kibana/ca.crt"
	}
}

Logstash input conf which does not works:

input {
	stdin {} 
	elasticsearch {
	    hosts => "https://172.31.28.36:9200"
    	index => "twitter1"
    	ssl => "true"
    	ca_file => "/etc/kibana/ca.crt"
  	}
}
output {
	stdout {codec => rubydebug}
	elasticsearch {
		hosts => ["https://172.31.28.36:9200"]
		cacert => "/etc/kibana/ca.crt"
	}
}

Any thought why same cert does not work for input?

system · July 2, 2019, 12:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash to Elasticsearch over SSL Configuration Logstash	3	13072	November 16, 2017
Logstash SSL/TLS error Logstash	1	350	October 3, 2023
Logstash 7.7 can’t establish pipeline with ssl Logstash	2	62	July 15, 2024
Logstash to Elasticsearch connectivity issue after configuring SSL Elasticsearch	3	1636	April 16, 2019
Logstash SSL verification Logstash elastic-stack-security	8	6938	February 6, 2023

Logstash is unable to send data when Elastic is configured with SSL in 7.1

Related topics