Logstash not working with HTTPS Elasticsearch output

Hi Team,

I am getting the below error while running Logstash with HTTPS Elasticsearch output:

Here are the error details:

[2019-07-15T12:08:17,978][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@X.X.X.X:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
[2019-07-15T12:08:18,228][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
[2019-07-15T12:08:20,963][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[https://logstash_system:xxxxxx@X.X.X.X:9200/]}}
[2019-07-15T12:08:21,119][ERROR][logstash.javapipeline ] Pipeline aborted due to error {:pipeline_id=>"main", :exception=>#<Manticore::UnknownException: Host name 'x.x.x.x' does not match the certificate subject provided by the peer (CN=instance)>, :backtrace=>["D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:37:in block in initialize'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/manticore-0.6.4-java/lib/manticore/response.rb:79:incall'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/manticore_adapter.rb:74:in perform_request'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:291:inperform_request_to_url'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:245:in block in healthcheck!'", "org/jruby/RubyHash.java:1419:ineach'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:241:in healthcheck!'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:341:inupdate_urls'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:71:in start'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:302:inbuild_pool'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client.rb:64:in initialize'", 
"D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:103:increate_http_client'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/http_client_builder.rb:99:in build'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch.rb:238:inbuild_client'", "D:/ElasticStack/Logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.1.0-java/lib/logstash/outputs/elasticsearch/common.rb:25:in register'", "org/logstash/config/ir/compiler/OutputStrategyExt.java:106:inregister'", "org/logstash/config/ir/compiler/AbstractOutputDelegatorExt.java:48:in register'", "D:/ElasticStack/Logstash/logstash-core/lib/logstash/java_pipeline.rb:191:inblock in register_plugins'", "org/jruby/RubyArray.java:1792:in each'", "D:/ElasticStack/Logstash/logstash-core/lib/logstash/java_pipeline.rb:190:inregister_plugins'", "D:/ElasticStack/Logstash/logstash-core/lib/logstash/java_pipeline.rb:445:in maybe_setup_out_plugins'", "D:/ElasticStack/Logstash/logstash-core/lib/logstash/java_pipeline.rb:203:instart_workers'", "D:/ElasticStack/Logstash/logstash-core/lib/logstash/java_pipeline.rb:145:in run'", "D:/ElasticStack/Logstash/logstash-core/lib/logstash/java_pipeline.rb:104:inblock in start'"], :thread=>"#<Thread:0xe6d1f9a run>"}
[2019-07-15T12:08:21,171][ERROR][logstash.agent ] Failed to execute action {:id=>:main, :action_type=>LogStash::ConvergeResult::FailedAction, :message=>"Could not execute action: PipelineAction::Create, action_result: false", :backtrace=>nil}
[2019-07-15T12:08:21,569][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-07-15T12:08:26,525][INFO ][logstash.runner ] Logstash shut down.

Below are the OUTPUT details of my logstash.config file:

output {
  elasticsearch {
    ssl => true
    ssl_certificate_verification => true
    cacert => "D:\ElasticStack\Logstash\config\elastic-ca.pem"
    hosts => ["https://X.X.X.X:9200"]
    user => "logstash_system"
    password => "TEST@123"

    manage_template => false
    index => "%{[@metadata][index]}-%{+YYYY.MM.dd}"
  }
}

I believe that is telling you that it cannot validate the certificate presented by the server based on the CA cert that it has. Did you include the intermediate in the elastic-ca.pem?
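
The log above shows two separate certificate failures: no certification path to a trusted CA, and a host that does not match `CN=instance`. As an added example (not part of any post in this thread, and not Logstash's or Manticore's own code), this Python models both checks on constructed certificate records; the certificate names, the 192.0.2.10 address and the simplified matching rules are assumptions.

```python
import ipaddress

# Constructed sample certificates (not from the thread), reduced to the fields
# that matter. Real PKIX validation also checks signatures, dates and usage.
ROOT = {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA"}
INTERMEDIATE = {"subject": "CN=Example Issuing CA", "issuer": "CN=Example Root CA"}
LEAF = {"subject": "CN=instance", "issuer": "CN=Example Issuing CA", "san": []}
LEAF_WITH_SAN = dict(LEAF, san=[("IP", "192.0.2.10"), ("DNS", "es01.example.test")])

def find_trust_path(chain, anchors):
    """chain: certs the server sends, leaf first; anchors: certs in the CA file.
    Returns (path, None) on success or (partial_path, issuer_not_found)."""
    anchor_names = {c["subject"] for c in anchors}
    sent = {c["subject"]: c for c in chain}
    path, current = [], chain[0]
    for _ in range(len(chain) + 1):          # bounded, so issuer loops terminate
        path.append(current["subject"])
        if current["issuer"] in anchor_names:
            return path + [current["issuer"]], None
        nxt = sent.get(current["issuer"])
        if nxt is None or nxt is current:    # issuer unknown, or untrusted self-signed
            break
        current = nxt
    return path, current["issuer"]

def host_matches(host, cert):
    """An IP host needs an IP SAN; a DNS host needs a DNS SAN (exact match
    here, no wildcards). The CN is consulted only if there is no SAN at all."""
    sans = cert.get("san", [])
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        return any(k == "IP" and ipaddress.ip_address(v) == ip for k, v in sans)
    names = [v for k, v in sans if k == "DNS"]
    if not sans:
        names = [cert["subject"].split("CN=", 1)[-1]]
    return host.lower() in (n.lower() for n in names)

def diagnose(host, chain, anchors):
    """Findings for one output host; an empty list means both checks pass."""
    findings = []
    _, missing = find_trust_path(chain, anchors)
    if missing:
        findings.append(f"no trust path: '{missing}' is neither sent by the server nor in the CA file")
    if not host_matches(host, chain[0]):
        findings.append(f"'{host}' is not named in the certificate ({chain[0]['subject']})")
    return findings
```

`diagnose("192.0.2.10", [LEAF], [ROOT])` reports both problems; adding the intermediate to the CA file clears only the first, and the second needs a certificate whose SAN lists the address or name used in `hosts`.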

Thanks for the reply @Badger,
No, I didn't use an intermediate.
Don't know how to use that.
Can you please provide the steps?

Try this.

Allow me to suggest a simple thing: on Windows, if you use backslashes, you need to escape them. I don't know if it's actually going to solve the problem, but it's something.
