Hi team, facing the following issue-:
While running the following docker-compose.yml, rest of the containers apart from logstash container are up and running , logstash-container fails and is exited, while trying to connect to elasticsearch logstash throws the following error saying basic-auth credentials missing, though i am providing Elasticsearch hosts, username, password in the dockerfile which i am using to construct the image of logstash.
here is the error snapshot from logs, from logstash-docker container
024-11-02 17:44:41 [2024-11-02T12:14:41,821][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:44:42 [2024-11-02T12:14:42,072][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:44:42 [2024-11-02T12:14:42,098][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:44:42 [2024-11-02T12:14:42,101][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"Could not read Elasticsearch. Please check the credentials", :exception=>LogStash::ConfigurationError}
2024-11-02 17:44:42 [2024-11-02T12:14:42,286][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:44:42 [2024-11-02T12:14:42,463][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:44:42 [2024-11-02T12:14:42,508][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:44:42 [2024-11-02T12:14:42,509][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Could not read Elasticsearch. Please check the credentials"}
2024-11-02 17:44:42 [2024-11-02T12:14:42,516][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
2024-11-02 17:44:42 [2024-11-02T12:14:42,683][INFO ][logstash.configmanagement.elasticsearchsource] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elastic:xxxxxx@elasticsearch:9200/]}}
2024-11-02 17:44:42 [2024-11-02T12:14:42,712][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
2024-11-02 17:44:42 [2024-11-02T12:14:42,744][WARN ][logstash.configmanagement.elasticsearchsource] Restored connection to ES instance {:url=>"http://elastic:xxxxxx@elasticsearch:9200/"}
2024-11-02 17:44:42 [2024-11-02T12:14:42,745][INFO ][logstash.configmanagement.elasticsearchsource] Elasticsearch version determined (8.15.0) {:es_version=>8}
2024-11-02 17:44:42 [2024-11-02T12:14:42,746][WARN ][logstash.configmanagement.elasticsearchsource] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>8}
2024-11-02 17:44:42 [2024-11-02T12:14:42,848][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:44:47 [2024-11-02T12:14:47,928][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:44:52 [2024-11-02T12:14:52,905][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:44:57 [2024-11-02T12:14:57,884][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:02 [2024-11-02T12:15:02,880][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:07 [2024-11-02T12:15:07,910][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:12 [2024-11-02T12:15:12,607][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:45:12 [2024-11-02T12:15:12,628][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:45:12 [2024-11-02T12:15:12,650][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:45:12 [2024-11-02T12:15:12,652][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"Could not read Elasticsearch. Please check the credentials", :exception=>LogStash::ConfigurationError}
2024-11-02 17:45:12 [2024-11-02T12:15:12,708][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:45:12 [2024-11-02T12:15:12,800][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:45:12 [2024-11-02T12:15:12,819][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:45:12 [2024-11-02T12:15:12,821][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Could not read Elasticsearch. Please check the credentials"}
2024-11-02 17:45:12 [2024-11-02T12:15:12,884][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:17 [2024-11-02T12:15:17,905][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:22 [2024-11-02T12:15:22,885][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:27 [2024-11-02T12:15:27,923][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:32 [2024-11-02T12:15:32,881][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:37 [2024-11-02T12:15:37,915][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:42 [2024-11-02T12:15:42,614][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:45:42 [2024-11-02T12:15:42,632][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:45:42 [2024-11-02T12:15:42,647][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:45:42 [2024-11-02T12:15:42,648][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"Could not read Elasticsearch. Please check the credentials", :exception=>LogStash::ConfigurationError}
2024-11-02 17:45:42 [2024-11-02T12:15:42,697][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:45:42 [2024-11-02T12:15:42,712][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:45:42 [2024-11-02T12:15:42,728][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:45:42 [2024-11-02T12:15:42,730][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Could not read Elasticsearch. Please check the credentials"}
2024-11-02 17:45:42 [2024-11-02T12:15:42,878][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:47 [2024-11-02T12:15:47,922][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:52 [2024-11-02T12:15:52,980][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:45:57 [2024-11-02T12:15:57,892][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:46:02 [2024-11-02T12:16:02,920][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:46:07 [2024-11-02T12:16:07,881][ERROR][logstash.config.sourceloader] No configuration found in the configured sources.
2024-11-02 17:46:12 [2024-11-02T12:16:12,533][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:46:12 [2024-11-02T12:16:12,555][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:46:12 [2024-11-02T12:16:12,571][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:46:12 [2024-11-02T12:16:12,578][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"Could not read Elasticsearch. Please check the credentials", :exception=>LogStash::ConfigurationError}
2024-11-02 17:46:12 [2024-11-02T12:16:12,619][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
2024-11-02 17:46:12 [2024-11-02T12:16:12,634][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
2024-11-02 17:46:12 [2024-11-02T12:16:12,651][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
2024-11-02 17:46:12 [2024-11-02T12:16:12,655][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Could not read Elasticsearch. Please check the credentials"}
here is my docker-compose.yml-:
version: '3'
services:
# Frontend Angular Application
frontend:
image: pranchalm/easylogs_images:easylogs-frontend-1.0
container_name: frontend-container
ports:
- "4200:80"
networks:
- app-network
# Backend Spring Boot Application
backend:
image: pranchalm/easylogs_images:easylogs-backend-1.0
container_name: backend-container
depends_on:
- elasticsearch
- logstash
ports:
- "9090:9090"
networks:
- app-network
# Elasticsearch
elasticsearch:
image: pranchalm/easylogs_images:mycustom-elasticsearch-1.0
container_name: elasticsearch
ports:
- "9200:9200"
networks:
- app-network
logstash:
image: pranchalm/easylogs_images:mycustom-logstash-1.0
container_name: logstash-container
depends_on:
- elasticsearch
ports:
- "5044:5044"
- "9600:9600"
networks:
- app-network
volumes:
- /c/Micro_Services_ELK/logs:/usr/share/logstash/microservice1_logs
- /c/Micro_Services_ELK/micro-service2logs:/usr/share/logstash/microservice2_logs
networks:
app-network:
driver: bridge
also here is the dockerfile used to built image of logstash-8.15.0-:
# Use the official Logstash base image 8.15.0
FROM docker.elastic.co/logstash/logstash:8.15.0
# Set environment variables for X-Pack management
ENV xpack.management.enabled=true
ENV xpack.management.pipeline.id="*"
ENV xpack.management.elasticsearch.username=elastic
ENV xpack.management.elasticsearch.password=elastic123
ENV xpack.management.elasticsearch.hosts="http://elasticsearch:9200"
ENV xpack.management.logstash.poll_interval=5s
# Expose necessary ports
EXPOSE 5044 9600
xpaxck.management.enabled =true as i am trying to use the logstash pipeline management feature.
credentials are supplied as we can see in Dockerfile while describing xpack.management part
when i tried by independently starting and checking by going inside the bash of the logstash container using curl -u elastic:elastic123 http://elasticsearch:9200, then its able to retrieve data but not when docker compose runs, then it exits.
security is enabled on elasticsearch side with basic-auth, license also enabled trial mode, able to retrive that data via postman too.
Please help me out on this, where is my configuration going wrong? Need support, thanks in advance.