Logstash + shield giving authentication error [401]

codinguari · September 17, 2015, 6:22am

I'm getting the following error while trying to output data to elasticsearch from logstash:

Failed to install template: [401] {"error":"AuthenticationException[unable to authenticate user [es_admin] for REST request [/_template/logstash]]","status":401} {:level=>:error}

I have the configuration like this in logstash:

if [type]=="signup"{
elasticsearch {
protocol => "http"
user =>"*****"
password =>"*******"
document_type => "signup"
host => "localhost"
index => "signups"
}
}

I have tried adding user with following commands:
esusers useradd -p -r logstash

I also tried giving role admin but logstash not working for admin user also. The localhost:9200 is asking for the password and after entering the password it works but the logstash is giving an error.

warkolm · September 19, 2015, 1:10am

Try setting debug logging on in Shield to see what is happening;

PUT /_cluster/settings
{
    "transient" : {
        "shield.authc" : "DEBUG"
    }
}

That should work and provide you with more output.