MetricBeat Logstash Monitoring Error

wwalker · November 19, 2020, 10:31pm

Running Elastic Stack 7.10.0 and am trying to modernize the monitoring by implementing Metricbeat. Elasticsearch and Kibana run on one server and logstash is running on a different server. I've got both Elasticsearch and Kibana properly configured. However, trying to get Logstash going am have hit a wall with an error:

ERROR	[publisher_pipeline_output]	pipeline/output.go:154	Failed to connect to backoff(elasticsearch(https://server.contoso.com:9200)): Get "https://server.contoso.com:9200": proxyconnect tcp: tls: first record does not look like a TLS handshake

Any ideas? Would really appreciate help.

Here's my Metricbeat config:

metricbeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: true
setup.template.settings:
  index.number_of_shards: 1
  index.number_of_replicas: 0
  index.codec: best_compression
output.elasticsearch:
  hosts: ["https://server.contoso.com:9200"]
  username: "user"
  password: "password"
  protocol: "https"
  ssl:
    enabled: true
    certificate_authorities:
      - |
        -----BEGIN CERTIFICATE-----
        MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
        MQswCQYDVQQGEwJVUzEVMBMGA1...
        -----END CERTIFICATE-----

Here's my logstash-xpack.yml:

# Module: logstash
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-logstash.html

- module: logstash
  metricsets:
    - node
    - node_stats
  xpack.enabled: true
  period: 10s
  hosts: ["http://otherserver.contoso.com:9600"]

victortamotsu · November 20, 2020, 2:46am

Are you publishing the Elasticsearch using a reverse proxy?
This error could be a misconfiguration of protocols on the proxy.

wwalker · November 20, 2020, 3:59am

No proxies involved, both nodes are on the same subnet.

wwalker · November 20, 2020, 5:57pm

Enabled debug logging, a couple new lines, doesn't help me any as far as I can tell.

2020-11-20T11:55:50.182-0600	DEBUG	[esclientleg]	eslegclient/connection.go:290	ES Ping(url=https://server.contoso.com:9200)
2020-11-20T11:55:50.183-0600	INFO	[publisher]	pipeline/retry.go:219	retryer: send unwait signal to consumer
2020-11-20T11:55:50.183-0600	INFO	[publisher]	pipeline/retry.go:223	  done
2020-11-20T11:55:50.190-0600	DEBUG	[esclientleg]	eslegclient/connection.go:294	Ping request failed with: Get "https://server.contoso.com:9200": proxyconnect tcp: tls: first record does not look like a TLS handshake

wwalker · November 20, 2020, 8:21pm

On a hunch, I set proxy_url to the IP:port of our enterprise proxy, even though the two servers involved here are on the same subnet, and everything started working.

system · December 18, 2020, 10:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.