Logstash 401 error connecting to opensearch

servando · September 8, 2023, 6:35pm

Versions

OpenSearch version 2.9.0
ES logstash version 8.9.2
logstash-output-opensearch plugin 2.0.2.

Describe the issue:

Unable to connect to OpenSearch, I always get status 401
Verified : User and pwd are correct.

Tried different servers (fresh install), same result.

Configuration:

output {
opensearch {
hosts => [“https://1.2.3.4:9200”]
user => “admin”
password => “somepassword”
index => “logstash-logs-%{+YYYY.MM.dd}”
ssl_certificate_verification => false
}
}

**Relevant Logs **:
credentials are correct, verified with curl
curl https://1.2.3.4:9200 -u admin:somepassword -k
—> returns with data

Log from
[Ruby-0-Thread-9: /usr/share/logstash/vendor/bundle/jruby/2.6.0/gems/logstash-output-opensearch-2.0.2-java/lib/logstash/outputs/opensearch/http_client/pool.rb:217] opensearch - Attempted to resurrect connection to dead OpenSearch instance, but got an error {:url=>“https://admin:xxxxxx@1.2.3.4:9200/”, :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::BadResponseCodeError, :message=>“Got response code ‘401’ contacting OpenSearch at URL ‘https://1.2.3.4:9200/’”}

Any advise?

Gsmitt · September 9, 2023, 4:00am

Hey @servando

two things I noticed

your using HTTPS
you dont have certificate configured in Logstash

Perhaps try this, correct you FQDN/Ip Address

output {
  opensearch {
    hosts => ["https://opensearch.domain.com:9200"]
    auth_type => {
              type => 'basic'
              user => 'admin'
              password => 'changeit'
            }
    ecs_compatibility => disabled
    ssl => true
    ssl_certificate_verification => false
    cacert => "/opt/logstash-8.6.1/root-ca.pem" <<<<-Logstash needs  access to you certificate, 
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
     }
  }

servando · September 11, 2023, 3:58pm

I made the changes suggested and I copied the root-ca.pem file from the opensearch node (even generated a new cert for the logstash node)
I still get the 401 error message

servando · September 11, 2023, 9:21pm

fresh install with the initial config and now it works.
Do not know why the other ones were failing.

Thank you @Gsmitt

Gsmitt · September 11, 2023, 9:49pm

No problem, Glad it work for ya

Topic		Replies	Views
Failing to connect to AWS OpenSearch from Logstash OpenDistro troubleshoot	4	1136	February 9, 2022
Logstash-oss-with-opensearch-output-plugin failing to connect, 401 response Security	4	326	May 15, 2023
Security issue while dumping logs to opensearch dashboards OpenSearch	8	211	November 9, 2023
Logstash Opensearch Input OpenSearch	6	172	October 6, 2023
Not able to send logs to opensearch from logstash server, getting this warning message in the logs "[o.o.s.a.BackendRegistry ] No 'Authorization' header, send 401 and 'WWW-Authenticate Basic'" Security	7	535	May 17, 2023

Logstash 401 error connecting to opensearch

Related Topics