Hello,
We are currently moving our Elastic Cloud stack to Elastic Serverless on AWS and having issues trying to output Logstash data up the new to Elastic Serverless. Following documentation, we are providing hosts URL (with port 443 so it does not default to 9200) and the API key that was generated within Elastic Serverless.
Current logstash.yml comfiguration:
path.data: /var/lib/logstash
path.logs: /var/log/logstash
pipeline.ecs_compatibility: v8
xpack.management.enabled: true
xpack.management.pipeline.id: ["our_snmp"]
xpack.management.elasticsearch.hosts: "https://[COMPANY_PROJECT].aws.elastic.cloud:443"
xpack.management.elasticsearch.api_key: "[ID:API_KEY]"
Our Logstash Pipeline with Elastic Serverless:
output {
elasticsearch {
hosts => ["https://[COMPANY_PROJECT].aws.elastic.cloud:443"]
api_key => "[ID:API_KEY]"
data_stream => "true"
data_stream_type => "metrics"
data_stream_dataset => "logs"
data_stream_namespace => "our-snmp-datastream"
}
}
We are getting several errors in the Logstash logs related to not being able to retrieve Elasticsearch version/cluster info, but the first error seems to be that Logstash is trying to use the API on the Kibana page rather than Elasticsearch:
2024-08-07T16:21:40,278][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch version {:exception=>LogStash::Json::ParserError, :message=>"Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false')\n at [Source: (byte[])\"<!DOCTYPE html><html lang=\"en\"><head><meta charSet=\"utf-8\"/><meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"/><meta name=\"viewport\" content=\"width=device-width\"/><title>Elastic</title><style>\n \n @font-face {\n font-family: 'Inter';\n font-style: normal;\n font-weight: 100;\n src: url('https://kibana.estccdn.com/a98a8ab1019f/ui/fonts/inter/Inter-Thin.woff2') format('woff2'), url('https://kibana.estccdn.com/a98a8ab1019f/ui/fonts/inter/Inte\"[truncated 187120 bytes]; line: 1, column: 2]"}
Is there a different URL used to connect Logstash and Elasticsearch in the Elastic Serverless project rather than the Kibana pages? If so, where would it be retrievable in Elastic Serverless since there is no way to get the command line?
Also, we have found that Elasticseach is only on version 8.11.x from the Dev Tools (outside of our power to update). Would the version being bellow 8.14.x cause the issue?
Thank you