Hello,
I have verified the configurations and I am not getting where is the missing bit. Because I am still facing issues with the logstash because I couldn't see logs showing up in the Discover tab on the Kibana GUI for the latest.
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
user => elastic
password => wakfgtqwJYKgYdYsKkE8
}
}
To verify on the username and password mentioned above. I tried to run the curl command and it shown working.
# curl -X GET -u elastic:wakfgtqwJYKgYdYsKkE8 "localhost:9200/"
{
"name" : "ip-192-168-135-26",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "6Vzvcn7yTduloVhwrkG1jA",
"version" : {
"number" : "7.17.15",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "0b8ecfb4378335f4689c4223d1f1115f16bef3ba",
"build_date" : "2023-11-10T22:03:46.987399016Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
And the systemctl status logstash still showing with the errors as below.
~# systemctl status logstash
● logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2024-03-08 23:08:04 UTC; 2min 13s ago
Main PID: 437 (java)
Tasks: 61 (limit: 18910)
Memory: 1003.4M
CPU: 1min 30.825s
CGroup: /system.slice/logstash.service
└─437 /usr/share/logstash/jdk/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiating>
Mar 08 23:09:55 ip-192-168-135-26 logstash[437]: [2024-03-08T23:09:55,797][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:09:55 ip-192-168-135-26 logstash[437]: [2024-03-08T23:09:55,868][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:00 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:00,803][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:00 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:00,874][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:05 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:05,810][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:05 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:05,880][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:10 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:10,816][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:10 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:10,886][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:15 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:15,822][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
Mar 08 23:10:15 ip-192-168-135-26 logstash[437]: [2024-03-08T23:10:15,891][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connec>
And the logs as below.
# tail -f /var/log/logstash/logstash-plain.log
[2024-03-08T23:16:11,227][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}
[2024-03-08T23:16:11,276][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}
Please need some help here, as this is a production server.
Thanks,
Ravi