2016-06-07 111 views
0

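I want to connect Logstash and Elasticsearch with authentication, but this configuration gives me the following error:

[401] Forbidden by ReadonlyREST ES plugin {:class=>"Elasticsearch::Transport::Transport::Errors::Unauthorized", :level=>:error}

Logstash can't communicate with Elasticsearch through the ReadonlyREST Elasticsearch plugin.

The configuration files are given below:

[Elasticsearch conf file]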

http.cors.enabled: true
http.cors.allow-origin: /https?:\/\/localhost(:[0-9]+)?/

readonlyrest:
    enable: true
    response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
    access_control_rules:

    - name: "Logstash can write and create its own indices"
      auth_key: logstash:logstash
      type: allow
      actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
      indices: ["logstash-*", "<no_index>"]

    - name: Kibana Server (we trust this server side component, full access granted via HTTP authentication)
      auth_key: admin:pass3
      type: allow

    - name: Developer (reads only logstash indices, but can create new charts/dashboards)
      auth_key: dev:dev
      type: allow
      kibana_access: ro+
      indices: ["<no-index>", ".kibana*", "logstash*", "default"]

[Logstash conf file]

input {
    file {
        path => "/var/log/site.log"
        start_position => beginning
    }
}

filter {
    grok {
        match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
    geoip {
        source => "clientip"
    }
}

output {
    elasticsearch {
        user => "logstash"
        password => "logstash"
    }
}
in the Logstash config file
+0

https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/wiki/Supported-Rules#troubleshooting – sscarduzio

Answer

0

Specify the output like below:

output {
    elasticsearch {
        hosts => ["localhost:9200"]
        user => ["logstash"]
        password => ["logstash"]
    }
}
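
To check offline which access block a given Logstash request would hit, the following added example (not code from the post or from the ReadonlyREST plugin) models the first two blocks of the question's config with a simplified first-match evaluation: blocks are tried in order and every rule in a block must match. The function names, the glob matching via `fnmatchcase`, the single-index request shape, and the sample requests are assumptions made for illustration.

```python
import base64
from fnmatch import fnmatchcase

# First two access blocks from the question's config (second name shortened).
BLOCKS = [
    {"name": "Logstash can write and create its own indices",
     "auth_key": "logstash:logstash",
     "actions": ["indices:data/read/*", "indices:data/write/*",
                 "indices:admin/template/*", "indices:admin/create"],
     "indices": ["logstash-*", "<no_index>"]},
    {"name": "Kibana Server", "auth_key": "admin:pass3"},
]

def basic_header(user, password):
    """Authorization header value a client sends for HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token

def credentials(header):
    """Decode a Basic header to 'user:password'; None if absent or malformed."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        return base64.b64decode(header[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None

def first_match(header, action, index):
    """Name of the first block whose rules all match, else None (forbidden)."""
    creds = credentials(header)
    for block in BLOCKS:
        if block["auth_key"] != creds:
            continue  # wrong or missing credentials for this block
        if "actions" in block and not any(
                fnmatchcase(action, p) for p in block["actions"]):
            continue  # action is outside this block's allowed list
        if "indices" in block and not any(
                fnmatchcase(index, p) for p in block["indices"]):
            continue  # index is outside this block's patterns
        return block["name"]
    return None

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    ls = basic_header("logstash", "logstash")
    for hdr, act in [(ls, "indices:data/write/bulk"),
                     (None, "indices:data/write/bulk"),
                     (ls, "indices:admin/delete")]:
        print(act, "->", first_match(hdr, act, "logstash-2016.06.07"))
```

A request that arrives without an `Authorization` header, or with an action or index outside the Logstash block, falls through every block in this model and is forbidden, which is the case to rule out first when the 401 appears.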