I cannot connect to my ES in my docker environment. My account and password are configured correctly, but LogStash still cannot be used!
Curl Result:
logstash@0ef097e0f:~$ curl -u elastic:7z_xxxxxxx http://elasticsearch:9200
{
"name" : "255cd0e100f0",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "EVDdihBUR76RLdIQB7VVOw",
"version" : {
"number" : "8.17.0",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "2b6a7fed44faa321997703718f07ee0420804b41",
"build_date" : "2024-12-11T12:08:05.663969764Z",
"build_snapshot" : false,
"lucene_version" : "9.12.0",
"minimum_wire_compatibility_version" : "7.17.0",
"minimum_index_compatibility_version" : "7.0.0"
},
"tagline" : "You Know, for Search"
}
logstash@0ef097e0f:~$
logstash.conf configuration:
elasticsearch {
hosts => ["http://elasticsearch:9200"]
index => "erpadmin-logs-%{+YYYY.MM.dd}"
user => "elastic"
password => "7z_xxxxxxx"
ssl_verification_mode => "none"
}
elasticsearch.yml configuration:
cluster.name: "docker-cluster"
network.host: 0.0.0.0
xpack.security.enabled: true
Logstash logs:
configuration. Please explicitly set `xpack.monitoring.enabled: true` in logstash.yml
[2025-01-16T08:56:40,947][WARN ][deprecation.logstash.monitoringextension.pipelineregisterhook] Internal collectors option for Logstash monitoring is deprecated and targeted for removal in the next major version.
Please configure Elastic Agent to monitor Logstash. Documentation can be found at:
https://www.elastic.co/guide/en/logstash/current/monitoring-with-elastic-agent.html
[2025-01-16T08:56:41,083][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
[2025-01-16T08:56:41,108][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
[2025-01-16T08:56:41,112][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
[2025-01-16T08:56:41,112][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"Could not read Elasticsearch. Please check the credentials", :exception=>LogStash::ConfigurationError}
[2025-01-16T08:56:41,138][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
[2025-01-16T08:56:41,147][WARN ][logstash.licensechecker.licensereader] Health check failed {:code=>401, :url=>http://elasticsearch:9200/, :message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'"}
[2025-01-16T08:56:41,150][WARN ][logstash.licensechecker.licensereader] Elasticsearch main endpoint returns 401 {:message=>"Got response code '401' contacting Elasticsearch at URL 'http://elasticsearch:9200/'", :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"ApiKey\"]}},\"status\":401}"}
[2025-01-16T08:56:41,150][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Could not read Elasticsearch. Please check the credentials"}
[2025-01-16T08:56:41,157][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.