MetricBeat Logstash Monitoring Error

Running Elastic Stack 7.10.0 and am trying to modernize the monitoring by implementing Metricbeat. Elasticsearch and Kibana run on one server and logstash is running on a different server. I've got both Elasticsearch and Kibana properly configured. However, trying to get Logstash going am have hit a wall with an error:

ERROR	[publisher_pipeline_output]	pipeline/output.go:154	Failed to connect to backoff(elasticsearch(https://server.contoso.com:9200)): Get "https://server.contoso.com:9200": proxyconnect tcp: tls: first record does not look like a TLS handshake

Any ideas? Would really appreciate help.

Here's my Metricbeat config:

metricbeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: true
setup.template.settings:
  index.number_of_shards: 1
  index.number_of_replicas: 0
  index.codec: best_compression
output.elasticsearch:
  hosts: ["https://server.contoso.com:9200"]
  username: "user"
  password: "password"
  protocol: "https"
  ssl:
    enabled: true
    certificate_authorities:
      - |
        -----BEGIN CERTIFICATE-----
        MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
        MQswCQYDVQQGEwJVUzEVMBMGA1...
        -----END CERTIFICATE-----

Here's my logstash-xpack.yml:

# Module: logstash
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-logstash.html

- module: logstash
  metricsets:
    - node
    - node_stats
  xpack.enabled: true
  period: 10s
  hosts: ["http://otherserver.contoso.com:9600"]

Are you publishing the Elasticsearch using a reverse proxy?
This error could be a misconfiguration of protocols on the proxy.

No proxies involved, both nodes are on the same subnet.

Enabled debug logging, a couple new lines, doesn't help me any as far as I can tell.

2020-11-20T11:55:50.182-0600	DEBUG	[esclientleg]	eslegclient/connection.go:290	ES Ping(url=https://server.contoso.com:9200)
2020-11-20T11:55:50.183-0600	INFO	[publisher]	pipeline/retry.go:219	retryer: send unwait signal to consumer
2020-11-20T11:55:50.183-0600	INFO	[publisher]	pipeline/retry.go:223	  done
2020-11-20T11:55:50.190-0600	DEBUG	[esclientleg]	eslegclient/connection.go:294	Ping request failed with: Get "https://server.contoso.com:9200": proxyconnect tcp: tls: first record does not look like a TLS handshake

On a hunch, I set proxy_url to the IP:port of our enterprise proxy, even though the two servers involved here are on the same subnet, and everything started working.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.