What could be the problem here trying to connect logstash to ElasticSearch 7.5 for the first time?

What could be the problem here trying to connect logstash to Elasticsearch 7.5 for the first time?

Nov 18 11:55:34 srLogStash001 run_tviLogStash.sh[98904]: [2024-11-18T11:55:34,362][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://UA16:xxxxxx@elagen.prod.tech.dom:9200/", :erro r_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elastics earch at URL 'http://elagen.prod.tech.dom:9200/'"}

Hi @mpniel

From the 401 error (code 40 in the log), it seems to be an authentication issue when trying to connect to Elasticsearch. Let's check some possible causes:

Make sure the username (UA16) and password are correct.

Hi
username password are correct

Not according to Elasticsearch.

401 means that Elasticsearch is receiving a wrong username or password, you need to validate that.

Try to make a curl request from the Logstash machine using the username and password that are configured in the output.

The dev team say they send the correct password.
Any other idea?

No, the error is pretty clear.

"Got response code '401' contacting Elastics earch at URL

An HTTP 401 error code means that the request was Unauthorized, the user or password used is not correct.

You need to double check it and validate, something is not correct.

We use ROR

I have no idea what you mean with that.

What is ROR?

ReadonlyREST

ReadonlyREST is not an Elastic product and it is not supported here.

But as mentioned, a 401 error means that the request was unauthorized, the username or password is wrong.

There is not much with we can help you here.