Logstash to Elastic Cloud error 400

zee67 · June 17, 2020, 7:10pm

Trying to connect Logstash to Elastic Cloud but getting error 400. My Logstash config is below, any help appreciated.

input {
tcp {
port => 9600
}
}

filter {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp}
%{SYSLOGHOST:syslog_hostname}
%{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?:
%{GREEDYDATA:syslog_message}" }
}

}

output {
elasticsearch {
hosts => [ "https://$our_elastic_url.aws.found.io:9243" ]
user => "elastic"
password=> "$password"
}
}

Logtash Error

[WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@$our_elastic_url.us-east-1.aws.found.io:9243/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '400' contacting Elasticsearch at URL 'https://$our_elastic_url.us-east-1.aws.found.io:9243/'"}

system · July 15, 2020, 7:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.