Logstash - X-pack error conencting to ES


Does anyone know the cause of this error?

Could not fetch all the sources {:exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '403' contacting Elasticsearch at URL 'http://elasticsearch:9200/.logstash/doc/_mget'"

I am running in a docker container with x-pack plugin installed and configured to use the logstash_system user after setting the password using the util on ES.


The logstash_system account is created as a reserved account when you install X-pack to use with logstash monitoring. It is not meant to be used to write data to Elastic with.

You will need to create a separate account such as the logstash_internal account to use with your logstash pipelines as described here:


dang it! I was so close - I had a new user created it and only gave it logstash related roles - not index related security roles.


considered solved.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.