Unable to connect logstash 8.6.1 to elastic 6.8.23 with SSL

I'm able to connect to elasticsearch 6.8.23 with logstash 8.6.1 but when I connect to an SSL enabled elasticsearch (using signed CERTS), I get the 503 error unable to connect. My output config looks like this:

It works if I connect to a local, but when an SSL Es, I get a 503.

input {
  jdbc {
    jdbc_driver_library => "/home/p/logstash-8.6.1/ojdbc6.jar" 
    jdbc_driver_class => "oracle.jdbc.driver.OracleDriver"
    jdbc_connection_string => "jdbc:oracle:thin:@localhost:1521/orcl"
    jdbc_user => "xxxx" 
    jdbc_password => "xxxxx" 
    statement_filepath => "oracle_ingest.sql"
  }
}

output {
  elasticsearch {
    index => "usage_data_report"
    hosts => ["https://myinstance.mycompany.com:443"]
    ssl_certificate_verification => false
    ilm_enabled => false
  }
  stdout { codec => json_lines }
}

Can you clarify what versions are you using?

There is not a Logstash 8.6.23, but there is a Logstash 6.8.23.

Are both Elasticsearch and Logstash on version 6.8.23? If so, what is the error you are getting? Please share your logs.

Also, Logstash 8.X is not compatible with Elasticarch 6.X.

Sorry,
logstash version is: logstash-8.6.1
elasticsearch version is: elasticsearch-6.8.23

Both are able to work together. The only problem is when elasticsearch is enabled with SSL. I've tried using logstash 6.8.x to match and it also doesn't work with SSL-enabled. I am probably missing something very simple in my config file.

Logstash 8.X does not support Elasticsearch 6.X it may work, but it may have some issues, your issue may or may note be related to this.

What is the error you are getting? You need to share the logs.

Is your elasticsearch behind a load balancer or something like?

OK I matched the versions both to use 6.8.23 (elasticsearch and logstash)

Here's the error at startup

[2023-02-07T12:09:01,663][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://elasticsearch-xxx.yyyy.com:443/]}}
[2023-02-07T12:09:02,246][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elasticsearch-xxx.yyyy.com:443/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '503' contacting Elasticsearch at URL 'https://elasticsearch-xxx.yyyy.com:443/'"}

My conf file


input {
  jdbc {
    jdbc_driver_library => "/home/p/dev/elasticsearch-upgrade/logstash-6.8.23/ojdbc6.jar" 
    jdbc_driver_class => "Java::oracle.jdbc.driver.OracleDriver"
    jdbc_connection_string => "jdbc:oracle:thin:@localhost:1521/orcl"
    jdbc_user => "xxxx" 
    jdbc_password => "yyyy" 
    statement_filepath => "oracle_simple.sql"
  }
}
output {
  elasticsearch {
    index => "usage_data_report"
    hosts => ["https://elasticsearch-xxx.yyyy.com:443"]
    ssl => true
    ilm_enabled => false
  }
  stdout { codec => json_lines }
}

Do you have anything in front of your Elasticsearch? It normally uses port 9200, why are you using 443?

These are the only error log lines you have in your logs? It doesn't say anything about a certificate error, normally when you have certificate issues this is present in the logs.

Hi all,

it worked. My target host had only a single node running and therefore couldn't find the master. Once I started the second node, elasticsearch health went back to green. I wish the health of elasticsearch would display on the root page instead of /_cat/health.

Thanks all!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.