Logstash 无法通过 readonly rest elasticsearch 插件与 elasticsearch 通信。

Question

我正在尝试通过身份验证将 logstash 与 elasticsearch 连接，但此配置给我以下错误：[401] Forbidden by ReadonlyREST ES plugin {:class=>"Elasticsearch::Transport::Transport::Errors::Unauthorized", :level= >:错误}

配置文件如下：

[Elasticsearch 配置文件]

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/

readonlyrest:
    enable: true
    response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
    access_control_rules:

    - name: "Logstash can write and create its own indices"
      auth_key: logstash:logstash
      type: allow
      actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
      indices: ["logstash-*", "<no_index>"]    

    - name: Kibana Server (we trust this server side component, full access granted via HTTP authentication)
      auth_key: admin:pass3
      type: allow

    - name: Developer (reads only logstash indices, but can create new charts/dashboards)
      auth_key: dev:dev
      type: allow
      kibana_access: ro+
      indices: ["<no-index>", ".kibana*", "logstash*", "default"]

[logstash 配置文件]

input {
    file {
    path =>"/var/log/site.log"
    start_position => beginning
     }


}
filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}"}
    }
    geoip {
        source => "clientip"
    }
}

output {
    elasticsearch {
    user => "logstash"
    password => "logstash"
    }
}

Answer 1

在 logstash 配置文件中提及输出，如下所示：-

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        user => ["logstash"]
        password => ["logstash"]
    }