Logstash + shield giving authentication error [401]

I'm getting the following error while trying to output data to elasticsearch from logstash:

Failed to install template: [401] {"error":"AuthenticationException[unable to authenticate user [es_admin] for REST request [/_template/logstash]]","status":401} {:level=>:error}

I have the configuration like this in logstash:

if [type]=="signup"{
elasticsearch {
protocol => "http"
user =>"*****"
password =>"*******"
document_type => "signup"
host => "localhost"
index => "signups"

I have tried adding user with following commands:
esusers useradd -p -r logstash

I also tried giving role admin but logstash not working for admin user also. The localhost:9200 is asking for the password and after entering the password it works but the logstash is giving an error.

Try setting debug logging on in Shield to see what is happening;

PUT /_cluster/settings
    "transient" : {
        "shield.authc" : "DEBUG"

That should work and provide you with more output.

1 Like