Logstash stopped processing logs after enabling minimal security

I was wondering what should be configured on logstash side after enabling basic on Elasticsearch node?
I set x.pack.security.enabled to true on elasticsearch.yml, generated passwords for the cluster users, added the kibana user and password to the kibana file, and added the logstash_system user and password to logstash.yml. I'm able to authenticate to kibana with the elastic superuser, but i can see logstash stopped processing logs

Did you add the user and password in your logstash output configuration?

Please share your configuration and also the logs from logstash.

Logstash.yml config

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: "logstash_system"
xpack.monitoring.elasticsearch.password: "some password"
#xpack.monitoring.elasticsearch.proxy: ["http://proxy:port"]
xpack.monitoring.elasticsearch.hosts: ["http://x.x.x.x:9200"]

logstash output configuration
output {

if [type] == "****"{
        elasticsearch { hosts => ["localhost:9200"]
        index => "......"

Dots and Asteriks are just placeholders for what is in there.

This is only used for monitoring Logstash and this kind of monitoring is deprecated, you should not use it, but use metricbeat if you want to monitor logstash.

You didn't set he user and password in your output, you need to set it, something like this:

elasticsearch {
    hosts => ["hosts"]
    index => "your-index"
    user => "user"
    password => "password"

Did you check this documentation about configuring logstash to use basic authentication?

You will probably need to create a new user to use in logstash with permissions to the index patterns you want to write.

1 Like

That was it. Thank s for the help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.