Logstash error configuration

OpenSearch
, ,
1

Filebeat >Logstash>Opensearch
I am using Windows 10, Opensearch Docker, Filebeat 7.12.0, Logstash 7.11.0

Describe the issue:
error in logstash configuration.

[2024-05-07T15:21:59,352][WARN ][logstash.outputs.opensearch][main] Attempted to resurrect connection to dead OpenSearch instance, but got an error {:url=>"https://admin:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::OpenSearch::HttpClient::Pool::HostUnreachableError, :message=>"OpenSearch Unreachable: [https://admin:xxxxxx@localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

Configuration:
Logstash Configuration

input {
  beats {
    port => 5044
  }
  file {
    path => "C:/Users/user/Downloads/whids-v1.7.0-release-bundle/whids-man/windows/data/logs*"
    start_position => "beginning"
  }
}
 
filter {
  # Optional: Add filters here if needed
}
 
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    user => "admin"
    password => "admin"
    index => "filebeat-7.12.0-2024.05.07"
    ssl_certificate_verification => true
  }
}

Filebeat

# ============================== Filebeat inputs ===============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:/Users/user/Downloads/whids-v1.7.0-release-bundle/whids-man/windows/data/logs*

# ======================= Elasticsearch template setting =======================

setup.template.settings:
  index.number_of_shards: 1
  index.number_of_replicas: 1
  #index.codec: best_compression
  #_source.enabled: false

# ================================== Outputs ===================================

# Configure what output to use when sending the data collected by the beat.

# ---------------------------- Elasticsearch Output ----------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

# ================================= Processors =================================
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
2

Hi @jymbay

Have you tried to use the OpenSearch output plugin for Logstash? If not, please have a look at the following page:

3

@jymbay , could you please also change ssl_certificate_verification to false in the Logstash configuration?

4

thanks alot bcs help me to solve the problems. :smiling_face_with_three_hearts: