Logstash to Elasticsearch over SSL Configuration

Hi, I am trying to achieve what is described in the title. I believe I have taken all steps for proper configuration but am receiving an error that seems like a connection is not being initiated through https.

Logstash output configuration:

output {
  elasticsearch {
    hosts => ["https://X.X.X.X:9200"]
    ssl => true
    cacert => '/etc/logstash/ca.pem'
    sniffing => true
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

Logstash config:

xpack.ssl.key: /etc/elasticsearch/x-pack/key.key
xpack.ssl.certificate: /etc/elasticsearch/x-pack/cert.crt
xpack.ssl.certificate_authorities: [ "/etc/elasticsearch/x-pack/ca/ca.crt" ]
xpack.security.http.ssl.enabled: true

Keys being used are generated by x-pack certgen.

Error is:
@output_class=LogStash::Outputs::ElasticSearch>", :error=>"Unrecognized SSL message, plaintext connection?"

Is there some URL configuration I have to change somewhere that I missed? Any ideas why I am getting this error? It's probably simple but I am fairly new to ELK so I appreciate any help!

Thanks!


You have configured Logstash to use SSL when connecting, but have you configured ES to use SSL on port 9200?

I believe so. I followed instructions here: https://www.elastic.co/guide/en/x-pack/current/ssl-tls.html, just forgot to post elasticsearch.yml, sorry. Do both transport and http ssl have to be enabled? I didn't enable transport since for now I am just testing this with one machine.

Could it be "elasticsearch.url" parameter in kibana.yml? I figured it was fine to leave this as http since the error is in logstash not kibana (although I suppose it should be https because it will probably lead to issues with kibana down the road).
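
One way to answer the question raised in the thread, whether Elasticsearch is really speaking SSL on port 9200, is to look at the first bytes the listener sends back. This is an added example, not code from any poster in this thread or from Elastic; the function names and verdict labels are made up for illustration.

```python
import socket
import sys

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a listener returns to a plaintext HTTP request."""
    if data.startswith(b"HTTP/"):
        # Clear-text HTTP answer: TLS is not active on this port, so a client
        # connecting with https:// receives non-TLS bytes during the handshake
        # ("Unrecognized SSL message, plaintext connection?").
        return "plaintext-http"
    # TLS record header: content type 0x15 (alert) or 0x16 (handshake),
    # followed by protocol major version 0x03.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    if not data:
        # Nothing came back (peer closed, reset or timed out). A TLS listener
        # may drop a plaintext request this way, so the result is inconclusive.
        return "no-reply"
    return "unknown"

def probe(host: str, port: int = 9200, timeout: float = 5.0) -> str:
    """Send one plaintext HTTP request to host:port and classify the reply."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        try:
            data = sock.recv(16)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_reply(data)

if __name__ == "__main__":
    # Usage: python probe_es_tls.py <host> [port]   (script name is hypothetical)
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 9200
    print(f"{target}:{target_port} -> {probe(target, target_port)}")
```

A "plaintext-http" verdict means the HTTP layer is not serving TLS, whatever the configuration files say; "no-reply" should be followed up with a real TLS client using the CA file from the Logstash output.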
