[logstash.outputs.elasticsearch][main] Failed to install template

Hi everyone,

After enabling SSL communication on my Elasticsearch server (v7.14.0), I noticed an error in my Logstash logs:

[ERROR][logstash.outputs.elasticsearch][main] Failed to install template {:message=>"Got response code '403' contacting Elasticsearch.........block in after_successful_connection"]

Here is my Elasticsearch.yml SSL conf:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.supported_protocols: TLSv1.3,TLSv1.2
xpack.security.http.ssl.key: /path/to/file/file.key
xpack.security.http.ssl.certificate: /path/to/file/file.crt
xpack.security.http.ssl.certificate_authorities:  /path/to/file/file.crt
xpack.security.transport.ssl.key:  /path/to/file/file.key
xpack.security.transport.ssl.certificate:  /path/to/file/file.crt
xpack.security.transport.ssl.certificate_authorities: /path/to/file/file.crt
logger.org.elasticsearch.discovery: info

And in my Logstash output plugin:

output {
        elasticsearch {
                hosts => "https://elastic_server_url:9200"
                cacert => "/path/to/file/file.crt"
                index => "my_index"
                user => "elastic-user"
                password => "XXXXX"
                codec => "json"
        }
}

The connected user has the role:

logstash_writer_role:
  cluster: ['monitor']
  run_as: ['{{ elasticsearch_logstash_login }}']
  indices:
          - names: ['{{ elasticsearch_index_name }}']
            privileges: ['write']

It works fine with the superuser role. And I don't know what cluster and index privileges I need to add to my custom role to make it work.

Any help would be appreciated!
Thx a lot

I'd use what they have here and remove anything that's not required.
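
For reference, a role in the same roles.yml format as the one in the question, shown as an added example that is not part of the original thread. The privilege list follows the `logstash_writer` role in Elastic's Logstash security documentation for 7.x; the index name placeholder is the one from the question, and the `run_as` entry is left out because the documented role does not include it.

```yaml
# Added example, not from the thread: least-privilege writer role for the
# Logstash elasticsearch output, based on Elastic's documented logstash_writer role.
logstash_writer_role:
  cluster:
    - monitor                  # already present in the role from the question
    - manage_index_templates   # needed for the template install that returns 403 above
    - manage_ilm               # only needed when index lifecycle management is used
  indices:
    - names: ['{{ elasticsearch_index_name }}']   # placeholder taken from the question
      privileges:
        - write                # already present in the role from the question
        - create
        - create_index         # lets Logstash create the index on first write
        - manage
        - manage_ilm           # only needed when index lifecycle management is used
```

To trim further: with `manage_template => false` in the output block Logstash does not install a template, so `manage_index_templates` can go, and with `ilm_enabled => false` the two `manage_ilm` entries can go.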
