I think logstash is having trouble sending data to elasticsearch.
To secure beats communications, I've set elasticsearch to use https. I think because of that logstash is having some trouble sending data to elasticsearch.
I get something like this from logstash:
[WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_internal:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_internal:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] localhost:9200 failed to respond"}
this is my logstash .conf:
output{
elasticsearch {
hosts => ["localhost:9200"]
index => "cleandata"
user => "logstash_internal"
password => "password"
} }
I assume that in my logstash .conf within that output {}, I need to specify some additional context but I'm not sure what and in what syntax. I'm scratching my head around it and feel a little lost. Does anyone know what's missing? Thanks ahead!
I take it that you mean elasticsearch expects clients to connect using TLS. In that case you need to configure the elasticsearch output to use TLS, which you have not done...
This blog has the step-by-step for configuring TLS between logstash and elasticsearch.
[WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash_internal:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://logstash_internal:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}
I seem to be missing the "cacert" then. I know this is astromonically dumb of me but i have got so many of certs I'm not sure which one I need to give it. Would the path for the right cert be in the elasticsearch.yml?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.