Logstash + shield giving authentication error [401]

codinguari · September 17, 2015, 6:22am

I'm getting the following error while trying to output data to elasticsearch from logstash:

Failed to install template: [401] {"error":"AuthenticationException[unable to authenticate user [es_admin] for REST request [/_template/logstash]]","status":401} {:level=>:error}

I have the configuration like this in logstash:

if [type]=="signup"{
elasticsearch {
protocol => "http"
user =>"*****"
password =>"*******"
document_type => "signup"
host => "localhost"
index => "signups"
}
}

I have tried adding user with following commands:
esusers useradd -p -r logstash

I also tried giving role admin but logstash not working for admin user also. The localhost:9200 is asking for the password and after entering the password it works but the logstash is giving an error.

warkolm · September 19, 2015, 1:10am

Try setting debug logging on in Shield to see what is happening;

PUT /_cluster/settings
{
    "transient" : {
        "shield.authc" : "DEBUG"
    }
}

That should work and provide you with more output.

Topic		Replies	Views
PKI authentication in logstash Elastic Search Output not working Elasticsearch	22	4118	July 5, 2017
Logstash + elasticsearch + shield Logstash	3	651	July 6, 2017
Logstash throwing error after enabling the xpack security Logstash	3	292	July 9, 2020
Can't get logstash user to authenticate to ES Elasticsearch elastic-stack-security	5	2516	July 6, 2017
SOLVED: Logstash issue with shield - "action [indices:data/write/bulk] is unauthorized for user [logstash]" Logstash elastic-stack-security	15	13615	July 6, 2017

Logstash + shield giving authentication error [401]

Related Topics