Logstash + shield giving authentication error [401]

(Sumit Kumar) #1

I'm getting the following error while trying to output data to elasticsearch from logstash:

Failed to install template: [401] {"error":"AuthenticationException[unable to authenticate user [es_admin] for REST request [/_template/logstash]]","status":401} {:level=>:error}

I have the configuration like this in logstash:

if [type]=="signup"{
elasticsearch {
protocol => "http"
user =>"*****"
password =>"*******"
document_type => "signup"
host => "localhost"
index => "signups"

I have tried adding user with following commands:
esusers useradd -p -r logstash

I also tried giving role admin but logstash not working for admin user also. The localhost:9200 is asking for the password and after entering the password it works but the logstash is giving an error.

(Mark Walkom) #2

Try setting debug logging on in Shield to see what is happening;

PUT /_cluster/settings
    "transient" : {
        "shield.authc" : "DEBUG"

That should work and provide you with more output.

(system) #3