Unable to test output with Filebeat to Elasticsearch

Hi there, I'm trying to send the logs from Filebeat to Elasticsearch but I'm stuck with a problem regarding credentials or certification.

I have the following configuration in filebeat.yml

      - module: my_module
          enabled: true
          enabled: false
      hosts: ['my_elastic:9200']
      protocol: https
      user: "${FILEBEAT_KS_USER}"
      password: "${FILEBEAT_KS_PASS}"
      ssl.enable: true
      ssl.verification_mode: full
      ssl.certificate_authorities: ["/usr/share/filebeat/config/<ca_chain_cert>"]
      ssl.certificate: "/usr/share/filebeat/config/ssl/certs/filebeat-access.pem"
      ssl.key: "/usr/share/filebeat/config/ssl/private/filebeat-access.key"
      ssl.key_passphrase: "${KEYPASSPHRASE}"

When I try filebeat test output I'm receiving the next output:

# filebeat test output
elasticsearch: https://my_elastic:9200...
  parse url... OK
    parse host... OK
    dns lookup... OK
    dial up... OK
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... ERROR 401 Unauthorized: Unauthorized

Receiving similar logs in elasticsearch

[2021-08-27T09:58:12,303][WARN ][c.a.o.s.h.HTTPBasicAuthenticator] [odfe-0] Invalid 'Authorization' header, send 401 and 'WWW-Authenticate Basic'
[2021-08-27T09:58:20,450][WARN ][c.a.o.s.h.HTTPBasicAuthenticator] [odfe-0] Invalid 'Authorization' header, send 401 and 'WWW-Authenticate Basic'

I've followed Connect filebeat to elasticsearch - #2 by pierhugues and made the workaround to avoid the error explained in this post.

I've tried to harcode the user and password using the elastic credentials and it didn't work but I'm able to make curls with both users, elastic and filebeat successfully but still receiving the authentication error.

Any ideas? Please help


Anyone can advise, please?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.