Logstash Shield index_not_found_exception

Hi All,

I've setup shield on elasticsearch, kibana and logstash.

elasticseach and kibana are fine. But, I got the following error for logstash receiving events.

"error"=>{"type"=>"index_not_found_exception", "reason"=>"no such index", "index"=>"logstash.apache-2016.06.26", "resource.type"=>"index_expression", "resource.id"=>"logstash.apache-2016.06.26"}

If I manually create the indice logstash.apache-2016.06.26 using account logstash, it just works fine.

So, did I miss something?

elasticsearch {
hosts => ["https://localhost:9200"]
user => "logstash"
password => "logstash"
ssl => true
ssl_certificate_verification => false
cacert => '/appl/erp/elastic/elasticsearch-2.3.3/config/shield/rootCA.pem'
index => "logstash.%{type}-%{+YYYY.MM.dd}"


As a workaround, we need to create the indice manually in crontab.

0 0 * * * /bin/curl -k -u logstash:logstash -XPUT "https://localhost:9200/logstash.apache-date +\%Y.\%m.\%d" > cr_logstash_indices.log 2>&1

Anyone got any idea why logstash is not creating the indices? Before setting up Shield, everything works just fine. Please...


It seems only me are having the problem.
It turns out to be the action.auto_create_index setting.