Question:
I have AWS Elastic service domain setup, I’m trying to push some data from an ec2 instance to the AWS elasticservice via Logstash.
I have setup the AWS ES domain with Open access policy - Allow all traffic. I have also enabled Fine Grained Control and setup a master user account to access the AWS ES service.
It all works fine with Kibana or regular cURL calls, but logstash fails with a request sending to https://<my_es_hostname>/_license with a 401 response.
I’m not able to figure out why is this call happening. When I try to hit this in browser, I get {"Message":"Your request: '/_license' is not allowed."}
Here is the sample log that I get from logstash:
|
1 2 3 4 5 6 7 8 |
[INFO ] 2021-06-02 11:40:18.858 [[main]-pipeline-manager] elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["https:// [INFO ] 2021-06-02 11:40:19.902 [[main]-pipeline-manager] elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https:// [WARN ] 2021-06-02 11:40:20.760 [[main]-pipeline-manager] elasticsearch - Restored connection to ES instance {:url=>"https:// [INFO ] 2021-06-02 11:40:21.371 [[main]-pipeline-manager] elasticsearch - Elasticsearch version determined (7.10.2) {:es_version=>7} [WARN ] 2021-06-02 11:40:21.380 [[main]-pipeline-manager] elasticsearch - Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7} [ERROR] 2021-06-02 11:40:21.443 [[main]-pipeline-manager] elasticsearch - Unable to get license information {:url=>"https:// [ERROR] 2021-06-02 11:40:21.449 [[main]-pipeline-manager] elasticsearch - Could not connect to a compatible version of Elasticsearch {:url=>"https:// |
And here is my logstash configuration:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
input { jdbc { jdbc_driver_class => "org.postgresql.Driver" jdbc_driver_library => "/usr/share/logstash/logstash-core/lib/jars/postgresql-42.2.20.jar" ... } } output { elasticsearch { hosts => ["https:// user => "username" password => "password" ilm_enabled => false index => "my_index" document_id => "%{id}" doc_as_upsert => true } } |
Answer:
The issue is with Logstash Elasticsearch Output Plugin trying to verify license on the URL <hostname>/_license.
Refer LS should always perform ES license check · Issue #1004 · logstash-plugins/logstash-output-elasticsearch for reported issue/fix.
While that fix gets released, you can follow these steps to get it working:
- Head over to
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-11.0.2-java/lib/logstash/outputs/elasticsearch - Open file
license_checker.rb-> Change the methodappropriate_licenseas per the fix suggested in the above github issue. Making methodappropriate_license()return true in case ofOSSsetup.