Logstash Shield integration

Hi,

I have installed Shield on my Elasticsearch server, but I am unable to receive the events from Logstash.

Do I need to install the Shield plugin on the Logstash instance?

And what does the Logstash output configuration look like?

Have you had a look at this?

Thanks Christian,

I have looked into the document. Do I require a CA certificate from the ES cluster or the AD server?

Authentication against AD is optional, but you will need certificates if you want to use SSL. Are you able to connect to the cluster through other means, e.g. curl? Which versions are you using? Do you see any error messages from Logstash?

I am using Logstash and ES 2.3.3.

I have configured logstash output as below:
elasticsearch {
  hosts => ["10.248.1.50:9200"]
  index => "qlikdemo-%{+YYYY.MM.dd}"
  template_overwrite => true
  user => logstashuser
  password => password
}

Getting errors like below:

Sep 05, 2016 8:34:06 AM org.apache.http.impl.execchain.RetryExec execute
INFO: I/O exception (org.apache.http.NoHttpResponseException) caught when processing request to {}->http://10.248.1.50:9200: The target server failed to respond

Attempted to send a bulk request to Elasticsearch configured at '["http://10.248.1.50:9200/"]', but an error occurred and it failed! Are you sure you can reach elasticsearch from this machine using the configuration provided? {:error_message=>"10.248.1.50:9200 failed to respond"

Kindly help me.

If you have SSL enabled, I believe you need to specify the ssl parameter for the output filter.

Do I need to generate a CA certificate from the ES cluster or AD?

Have you tried with the ssl parameter enabled? Are you able to connect using curl? How did you set up Shield on your cluster?
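The output from the thread with the `ssl` parameter from the replies enabled, as an added example that is not part of the original posts. It assumes Shield has SSL enabled on the Elasticsearch HTTP port, and the `cacert` path is a placeholder for the PEM file of the CA that signed the node's certificate.

```logstash
output {
  elasticsearch {
    hosts              => ["10.248.1.50:9200"]
    index              => "qlikdemo-%{+YYYY.MM.dd}"
    template_overwrite => true

    # Shield credentials, quoted so they are always parsed as strings
    user     => "logstashuser"
    password => "password"

    # Use HTTPS instead of plain HTTP. The log lines in the thread show
    # the plugin building an http:// URL for the node.
    ssl    => true

    # Assumption: placeholder path. This is the CA that signed the
    # certificate presented by the Elasticsearch node on port 9200;
    # Logstash uses it to verify the server it is sending events to.
    cacert => "/path/to/ca.pem"
  }
}
```

The same CA file and credentials can be checked outside Logstash with `curl --cacert /path/to/ca.pem -u logstashuser https://10.248.1.50:9200/`, which separates a TLS or authentication problem from a Logstash configuration problem.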