Logstash : How to configure certificate for input source & output destination for OpenSearch Logstash

jmeher · January 21, 2025, 5:14am

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch - 2.18.0

Describe the issue:
How to configure the certificate for input source & output destination for OpenSearch Logstash. Below configuration is not working for me.

Configuration:
input {
opensearch {
hosts => [“https://HOST1:9200”]
index => “my_source_index”
query => ‘{ “query”: { “match_all”: {}} }’
ssl_certificate_authorities => [“/user/certificate_src/CA.pem”]
ssl_certificate => “/user/certificates_src/client.pem”
ssl_key => “/user/certificate_src/client.key”
ssl => true
}
}

output {
opensearch {
hosts => [“https://HOST2:9200”]
index => “my_dest_index”
ecs_compatibility => “disabled”
ssl_certificate_authorities => [“/user/certificate_dest/CA.pem”]
ssl_certificate => “/user/certificate_dest/client.pem”
ssl_key => “/user/certificate_dest/client.key”
ssl => true
}
}

Relevant Logs or Screenshots:

pablo · January 21, 2025, 11:29am

@jmeher As per “Logstash OpenSearch input plugin” code you have two options.

Set ssl to true (ssl => true). This will disable SSL certificate verification.
Set ssl and ca_file (ssl => true, ca_file => “path to OpenSearch node root-ca.pem file”). This will enable SSL verification.

There is no client certificate authentication for the input plugin.

github.com/opensearch-project/logstash-input-opensearch

lib/logstash/inputs/opensearch.rb

6cb89eb78


      
          end
          
          def search_request(options)
            @client.search(options)
          end
          
          def hosts_default?(hosts)
            hosts.nil? || ( hosts.is_a?(Array) && hosts.empty? )
          end
          
          def setup_ssl
            return { :ssl  => true, :ca_file => @ca_file } if @ssl && @ca_file
            return { :ssl  => true, :verify => false } if @ssl  # Setting verify as false if ca_file is not provided
          end
          
          def setup_hosts
            @hosts = Array(@hosts).map { |host| host.to_s } # potential SafeURI#to_s
            if @ssl
              @hosts.map do |h|
                host, port = h.split(":")
                { :host => host, :scheme => 'https', :port => port }

jmeher · January 22, 2025, 5:18am

Hi @pablo,
Thanks for the reply and quick help. The input configuration is working now. Could you please help me to get the certificate configuration for output to connect another OpenSearch cluster or any other system like Splunk. Below config is not working :

output {
opensearch {
hosts => [“https://HOST2:9200”]
index => “my_dest_index”
ecs_compatibility => “disabled”
ssl => true
ca_file => “/user/certificate_dest/CA.pem”
ssl_certificate => “/user/certificate_dest/client.pem”
ssl_key => “/user/certificate_dest/client.key”
}
}

Regards,
J Meher

Topic		Replies	Views
Logstash Opensearch Input OpenSearch	6	331	October 6, 2023
Logstash 8.8.2 + Opensearch 2.15 with SSL OpenSearch	3	125	July 9, 2024
Logstash input with logstash-input-opensearch plugins fail without ssl OpenSearch discuss , troubleshoot , configure	1	382	January 19, 2024
Secure communication from Logstash to opensearch cluster OpenSearch	4	746	September 16, 2023
Having problem forwarding logs from logstash to elasticsearch via SSL Open Source Elasticsearch and Kibana	1	411	February 7, 2023

Logstash : How to configure certificate for input source & output destination for OpenSearch Logstash

Related topics