Logstash Shield index_not_found_exception

security

(Nww Pot Fung Nng) #1

Hi All,

I've set up Shield on Elasticsearch, Kibana and Logstash.

Elasticsearch and Kibana are fine. But I got the following error when Logstash receives events.

"error"=>{"type"=>"index_not_found_exception", "reason"=>"no such index", "index"=>"logstash.apache-2016.06.26", "resource.type"=>"index_expression", "resource.id"=>"logstash.apache-2016.06.26"}

If I manually create the index logstash.apache-2016.06.26 using the account logstash, it just works fine.

So, did I miss something?

elasticsearch {
  hosts => ["https://localhost:9200"]
  user => "logstash"
  password => "logstash"
  ssl => true
  ssl_certificate_verification => false
  cacert => '/appl/erp/elastic/elasticsearch-2.3.3/config/shield/rootCA.pem'
  index => "logstash.%{type}-%{+YYYY.MM.dd}"
}

Regards,
fung


(Nww Pot Fung Nng) #2

As a workaround, we need to create the index manually in crontab.

0 0 * * * /bin/curl -k -u logstash:logstash -XPUT "https://localhost:9200/logstash.apache-$(date +\%Y.\%m.\%d)" > cr_logstash_indices.log 2>&1

Anyone got any idea why logstash is not creating the indices? Before setting up Shield, everything works just fine. Please...

regards,
fung


(Nww Pot Fung Nng) #3

It seems I am the only one having the problem.
It turns out to be the action.auto_create_index setting.
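
An added example (not part of the original thread, and not Elasticsearch's own code) that models how a pattern-list value of action.auto_create_index is evaluated against the index name from the error in post #1. It assumes the documented semantics of the setting: comma-separated wildcard patterns, an optional + or - prefix, the first matching pattern decides, and no match means the index is not auto-created. The setting values below are constructed for illustration.

```python
import re

INDEX = "logstash.apache-2016.06.26"  # index name from the error in post #1


def simple_match(pattern, name):
    """Wildcard match in which only '*' is special (assumed semantics)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name) is not None


def should_auto_create(setting, index):
    """Return True if `setting` would allow `index` to be auto-created."""
    value = str(setting).strip()
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    for expr in (e.strip() for e in value.split(",")):
        if not expr:
            continue
        allow = not expr.startswith("-")          # '-' prefix denies
        pattern = expr[1:] if expr[0] in "+-" else expr
        if simple_match(pattern, index):
            return allow                          # first match decides
    return False                                  # nothing matched


# Constructed candidate values for action.auto_create_index.
SETTINGS = [
    "true",
    "false",
    ".kibana,.marvel-*",      # allow-list that forgets the Logstash indices
    "logstash-*,.kibana",     # hyphen pattern misses the "logstash." prefix
    "logstash.*,.kibana",     # matches the index naming used in post #1
    "-logstash.*,+*",         # explicit deny listed first wins
]


def report(index=INDEX):
    """Map each candidate setting to whether the index could be created."""
    return {s: should_auto_create(s, index) for s in SETTINGS}


if __name__ == "__main__":
    for setting, allowed in report().items():
        print(f"{setting!r:28} -> {'created' if allowed else 'index_not_found'}")
```

Note that the common `logstash-*` pattern does not cover this pipeline, because the output's index option uses a dot after `logstash`.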

