如何将Logstash输出验证到安全的Elasticsearch URL（版本5.6.5）

本文介绍了如何将Logstash输出验证到安全的Elasticsearch URL（版本5.6.5）的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在使用Logstash和Elasticsearch版本5.6.5。到目前为止，使用了带有HTTP协议的elasticsearch输出，没有认证。现在，Elasticsearch使用基本身份验证（用户/密码）和CA认证的HTTPS URL进行保护。我对elasticsearch服务器没有任何控制权。我只是用它从Logstash输出。

I am using Logstash and Elasticsearch versions 5.6.5. So far used elasticsearch output with HTTP protocol and no authentication. Now Elasticsearch is being secured using basic authentication (user/password) and CA certified HTTPS URL. I don't have any control over the elasticsearch server. I just use it to output to from Logstash.

现在，当我尝试使用基本身份验证配置elasticsearch的HTTPS URL时，它无法创建管道。

Now when I try to configure the HTTPS URL of elasticsearch with basic authentication, it fails to create the pipeline.

输出配置

output { 
 elasticsearch {
   hosts => ["https://myeslasticsearch.server.io"]
   user => "esusername"
   password => "espassword"
   ssl => true
 }
}

错误

 1. Error registering plugin {:plugin=>"#<LogStash::OutputDelegator:0x50aa9200
 2. Pipeline aborted due to error {:exception=>#<URI::InvalidComponentError: bad component(expected user component):

如何解决这个问题？
我注意到有一个名为 cacert 的字段需要一些PEM文件。但我不知道该放什么因为Elasticsearch服务器使用CA认证的SSL而不是自签名的SSL。

How to fix this?I notice that there is a field called cacert which requires some PEM file. But I am not sure what to put there since the Elasticsearch server is using a CA certified SSL not a self-signed one.

附加问题：我没有安装任何xpack。是否需要'xpack'从Logstash购买到Elasticsearch的HTTPS输出？

Addtional question: I don't have any xpack installed. Is 'xpack' required to be purchased for HTTPS output to Elasticsearch from Logstash?

推荐答案

我找到了问题的根本原因。有三件事要做修复：

I found the root cause of the issue. There were three things to fix:

我测试的logstash版本是错误的5.5.0。我下载了正确的版本以匹配Elas ticsearch版本5.6.5。

The logstash version I tested with was wrong 5.5.0. I downloaded the correct version to match with Elasticsearch Version 5.6.5.

我使用的主机在443端口上运行。当我没有在logstash下面指定端口时附加了9200，因为连接失败了。

The host I used was running on 443 port. When I didn't specify the port as below logstash appended 9200 with it, due to which the connection failed.

hosts => ['https://my.es.server.com']

以下配置更正了logstash使用的端口。

Below configuration corrected the port used by logstash.

hosts => ['https://my.es.server.com:443']

我缺少代理连接设置。

proxy => 'http://my.proxy.com:80'

整体设置工作。

output {
    elasticsearch {
       hosts => ['https://my.es.server.com:443']
       user => 'esusername'
       password => 'espassword'
       proxy => 'http://my.proxy:80'
       index => "my-index-%{+YYYY.MM.dd}"
    }
}

不需要'ssl'字段。

No need for 'ssl' field.

此 不需要'xpack'安装。

这篇关于如何将Logstash输出验证到安全的Elasticsearch URL（版本5.6.5）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！