Thank you for update @ylasri actually security team raised this issue when they hit localhost:9600 in chrome all the sensitive information they are able to see. How to stop or hide the information please guide.
In newer versions you can set api.enabled: false in logstash.yml to disable the API endpoint.
But doing this you will not be able to monitor your logstash instance and your logstash pipelines.
And as already said, you can set a username, password and certificate to access the logstash api endpoint, this is explained in the documentation.
Also, this API endpoint per default only binds to the loopback address, to make a request to the Logstash API on port 9600 you need access to the machine where logstash is running.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.