Unable to authenticate user for REST request

bhavikdhoot · September 18, 2020, 2:27pm

Hi,

I'm trying to connect to Elasticsearch through FileBeats using the following config in my filebeat.yml.

output.elasticsearch:

Array of hosts to connect to.

#hosts: ["localhost:9200"]
hosts: ["server1:9600","server2:9600","server3:9600"]
username: "4399xxxx"
password: "abcdefgh"
protocol: "https"
ssl.certificate_authorities: "/goldeneye-ca.crt"
ssl.certificate: "/goldeneye.uk.hsbc-elk.crt"
ssl.key: "/goldeneye.uk.hsbc-elk.key"
index: "engg-%{+yyyy.MM.dd}"

But, while running FileBeat, getting the following error -

2020-09-18T19:54:29.972+0530 ERROR [publisher_pipeline_output] pipeline/output.go:155 Failed to connect to backoff(elasticsearch(https://server1:9600)): 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [4399xxxx] for REST request [/]","header":{"WWW-Authenticate":["Bearer realm="security"","ApiKey","Basic realm="security" charset="UTF-8""]}}],"type":"security_exception","reason":"unable to authenticate user [4399xxxx] for REST request [/]","header":{"WWW-Authenticate":["Bearer realm="security"","ApiKey","Basic realm="security" charset="UTF-8""]}},"status":401}
2020-09-18T19:54:29.972+0530 INFO [publisher_pipeline_output] pipeline/output.go:146 Attempting to reconnect to backoff(elasticsearch(https://server1:9600)) with 1 reconnect attempt(s)
2020-09-18T19:54:29.972+0530 INFO [publisher] pipeline/retry.go:221 retryer: send unwait signal to consumer
2020-09-18T19:54:29.974+0530 INFO [publisher] pipeline/retry.go:225 done

Appreciate any help regarding this.

Thanks.

warkolm · September 20, 2020, 9:30pm

Welcome to our community!

Can you confirm that the username and password work?

bhavikdhoot · September 21, 2020, 3:39am

Hello,

Yes, the username/pwd works fine while using the same with 'curl' command or else through web browser too.

bhavikdhoot · September 22, 2020, 4:00am

Please let me know if anyone has any clue regarding this issue.

bhavikdhoot · September 24, 2020, 5:56am

I was able to solve this error. In the Elasticsearch logs, it was throwing invalid credentials error where as in the filebeat output it shows the above error.
Digging further, we found out that there is a bug in Elasticsearch wherein if there is one or more '$' in ur password then it will throw 'invalid credentials' error in Elasticsearch.

I changed my password without any '$' and it progressed further. I hope ELK team will take a note of it and fix this bug in next releases.
Thanks.

system · October 22, 2020, 7:56am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to authenticate user [elastic] for REST request [/] Beats docker , filebeat	2	993	October 17, 2023
Enable elasticsearch module from filebeat and trying to send data to elasticsearch but getting below error Beats filebeat	1	375	February 3, 2022
Unable to connect filebeat with elasticsearch " Authentication to realm default_native failed" Beats filebeat	2	1304	September 25, 2022
Missing authentication credentials for REST request Beats elastic-stack-security , filebeat	30	4061	October 9, 2022
FileBeat Connection error to elastic search Elasticsearch	13	4743	May 10, 2019

Unable to authenticate user for REST request

Array of hosts to connect to.

Related Topics