Logstash throwing 401 while connecting with AWS Elasticservice


I have AWS Elastic service domain setup, I’m trying to push some data from an ec2 instance to the AWS elasticservice via Logstash.

I have setup the AWS ES domain with Open access policy - Allow all traffic. I have also enabled Fine Grained Control and setup a master user account to access the AWS ES service.

It all works fine with Kibana or regular cURL calls, but logstash fails with a request sending to https://<my_es_hostname>/_license with a 401 response.

I’m not able to figure out why is this call happening. When I try to hit this in browser, I get {"Message":"Your request: '/_license' is not allowed."}

Here is the sample log that I get from logstash:

And here is my logstash configuration:


The issue is with Logstash Elasticsearch Output Plugin trying to verify license on the URL <hostname>/_license.

Refer LS should always perform ES license check · Issue #1004 · logstash-plugins/logstash-output-elasticsearch for reported issue/fix.

While that fix gets released, you can follow these steps to get it working:

  • Head over to /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch
  • Open file license_checker.rb-> Change the method appropriate_license as per the fix suggested in the above github issue. Making method appropriate_license() return true in case of OSS setup.

Leave a Reply