How to authenticate Logstash output to a secure Elasticsearch URL (version 5.6.5)


I found the root cause of the issue. There were three things to fix:

  1. The Logstash version I tested with was wrong (5.5.0). I downloaded the correct version to match Elasticsearch version 5.6.5.

  2. The host I used was running on port 443. When I didn't specify the port, as below, Logstash appended 9200 to it, which caused the connection to fail.

    hosts => ['https://my.es.server.com']

    The configuration below corrected the port used by Logstash.

    hosts => ['https://my.es.server.com:443']

  3. I was missing proxy connection settings.

    proxy => 'http://my.proxy.com:80'

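Overall settings that worked:

    output {
        elasticsearch {
           # Explicit port: without it Logstash appended 9200 to the host
           hosts => ['https://my.es.server.com:443']
           # Basic authentication credentials
           user => 'esusername'
           password => 'espassword'
           # Network proxy between Logstash and Elasticsearch (optional)
           proxy => 'http://my.proxy:80'
           index => "my-index-%{+YYYY.MM.dd}"
        }
    }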

No need for 'ssl' field.

Also NO need for 'xpack' installation for this requirement.


Loganathan

Team Architect, SprintBoot, Microservices, Java/Swing, Eclipse RCP Applications development.

Updated on June 09, 2022
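
A pre-flight lint for the port pitfall in point 2 of the answer, as an added example that is not part of the original answer: it lists `hosts` entries without an explicit port, which the answer reports Logstash then connects to on 9200. As an assumption beyond the page, it also flags a literal `password` that is not supplied through a `${VAR}` environment reference. The function names and the sample config are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORT = 9200  # port the answer reports Logstash appending when none is given

# Constructed sample combining the failing and the working hosts entries from the page.
SAMPLE_CONFIG = """
output {
    elasticsearch {
       hosts => ['https://my.es.server.com', "https://my.es.server.com:443"]
       user => 'esusername'
       password => 'espassword'
    }
}
"""

HOSTS_RE = re.compile(r"\bhosts\s*=>\s*\[(.*?)\]", re.S)
QUOTED_RE = re.compile(r"""(['"])(.*?)\1""")
PASSWORD_RE = re.compile(r"""\bpassword\s*=>\s*(['"])(.*?)\1""")


def effective_endpoint(url):
    """Return (host, port, explicit) for one hosts entry; explicit is False when
    the port was omitted and DEFAULT_PORT would be used instead."""
    parts = urlsplit(url if "://" in url else "//" + url)
    return parts.hostname, parts.port or DEFAULT_PORT, parts.port is not None


def lint(config_text):
    """Return a list of (value, finding) tuples for an elasticsearch output."""
    findings = []
    for block in HOSTS_RE.findall(config_text):
        for _, url in QUOTED_RE.findall(block):
            host, port, explicit = effective_endpoint(url)
            if not explicit:
                findings.append((url, f"no port given, connects to {host}:{port}"))
    for _, secret in PASSWORD_RE.findall(config_text):
        # Assumption: ${VAR} environment references keep the secret out of the file.
        if not re.fullmatch(r"\$\{\w+(:[^}]*)?\}", secret):
            findings.append(("password", "literal secret stored in the config file"))
    return findings


if __name__ == "__main__":
    for value, finding in lint(SAMPLE_CONFIG):
        print(f"{value}: {finding}")
```
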

Comments

  • Loganathan
    Loganathan almost 2 years

    I am using Logstash and Elasticsearch versions 5.6.5. So far I have used the elasticsearch output with the HTTP protocol and no authentication. Now Elasticsearch is being secured using basic authentication (user/password) and a CA-certified HTTPS URL. I don't have any control over the Elasticsearch server. I just use it as the output from Logstash.

    Now when I try to configure the HTTPS URL of elasticsearch with basic authentication, it fails to create the pipeline.

    Output Configuration

    output { 
     elasticsearch {
       hosts => ["https://myeslasticsearch.server.io"]
       user => "esusername"
       password => "espassword"
       ssl => true
     }
    }
    

    Errors

     1. Error registering plugin {:plugin=>"#<LogStash::OutputDelegator:0x50aa9200
     2. Pipeline aborted due to error {:exception=>#<URI::InvalidComponentError: bad component(expected user component):
    

    How to fix this? I notice that there is a field called cacert which requires some PEM file. But I am not sure what to put there since the Elasticsearch server is using a CA-certified SSL certificate, not a self-signed one.

    Additional question: I don't have any xpack installed. Is 'xpack' required to be purchased for HTTPS output to Elasticsearch from Logstash?

  • Annie
    Annie almost 3 years
    What is that proxy for?
  • Loganathan
    Loganathan almost 3 years
    That is the network proxy through which logstash connects to elasticsearch, it is optional.