[ERROR][logstash.outputs.elasticsearch] Got a bad response code from server, but this code is not considered retryable. Request will be dropped {:code=>401, :response_body=>"{"error":{"root_cause":[{"type":"security_exception","reason":"failed to authenticate user [logstash_system]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"failed to authenticate user [logstash_system]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}"}
I'm not even using the "logstash_system" account in my output config for elasticsearch.
I'm using the "elastic" account
Could you please put your Logstash output settings? Or are you using logstash_system anywhere on your settings?
For what I understand, logstash_system is needed for monitoring purposes on X-Pack. But still, it would be also recommended to use that user for output settings from Logstash to Elasticsearch
Alright, if you are not using SSL settings, you're close! Check this page https://www.elastic.co/guide/en/x-pack/current/logstash.html. This will help how to configure logstash output settings. For testing purposes, I had assigned the logstash_internal user the two roles created on the example (logstash_writer and logstash_reader), just to check if the connection between Logstash and Elasticsearch was running fine. The output conf file shold look like this:
Please find the log below. This is the same log displaying continuously.
[2017-03-30T01:36:22,955][WARN][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x79bb1764 URL:http://localhost:9200/>, :error_type=>Logstash::outputs::Elasticsearch::HttpClient::Pool::badResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.