Logstash: Got response code 403

alexanderfefelov / docker-backpack

Ops lab

MIT License

23 stars 10 forks source link

Logstash: Got response code 403 #102

Closed alexanderfefelov closed 3 years ago

alexanderfefelov commented 3 years ago

[2021-06-11T13:08:31,531][ERROR][logstash.outputs.elasticsearch][syslog][0deb3752933586c4466e8d42233e536d21068013301d21c55f897373187a6c84] Elasticsearch setup did not complete normally, please review previously logged errors {:message=>"Got response code '403' contacting Elasticsearch at URL 'http://elasticsearch.backpack.test:9200/logstash'", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError}

alexanderfefelov commented 3 years ago

https://www.gitmemory.com/issue/elastic/logstash/10722/486614924:

Apparently logstash tries to check for the "logstash" alias in order to set it up as part of the ILM process. Since the indices.names in the proposed logstash_writer role is set to "logstash-*" our user logstash_internal doesn't have the privilege to run GET /logstash. Workarounds: -either disable ILM in the Logstash ES output -or set logstash* as the index name to assign the document's proposed privileges

alexanderfefelov commented 3 years ago

After changing the index name in privileges to logstash*, another problem occured:

[2021-06-11T13:17:53,386][ERROR][logstash.outputs.elasticsearch][syslog][0deb3752933586c4466e8d42233e536d21068013301d21c55f897373187a6c84] Elasticsearch setup did not complete normally, please review previously logged errors {:message=>"Got response code '403' contacting Elasticsearch at URL 'http://elasticsearch.backpack.test:9200/%253Clogstash-%257Bnow%252Fd%257D-000001%253E'", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError}