Elasticsearch - Logsrash: Could not connect to a compatible version of Elasticsearch

Hi,

I installed Elasticsearch 7.16.1 with Kibana 7.16.1 and Logstash 7.16.1.
Elasticsearch and Kibana got the last version of ROR : 1.37.0

The connection between ES and Kibana works. Howver, the connection between ES and Kibana does not work.

In ES side, I get this error :

FORBIDDEN by default req={ ID:1268589854-705640666#52179, TYP:GetLicenseRequest,  CGR:N/A, USR:logstash (attempted), BRS:true, KDX:null, ACT:cluster:monitor/xpack/license/get, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:<N/A>, MET:GET, PTH:/_license, CNT:<N/A>, HDR:Accept-Encoding=gzip,deflate, Authorization=<OMITTED>, Connection=Keep-Alive, Content-Type=application/json, Host=127.0.0.1:9200, User-Agent=Logstash/7.16.1 (OS=Linux-3.10.0-1127.el7.x86_64-amd64; JVM=Oracle Corporation-11.0.5) logstash-output-elasticsearch/11.2.3, content-length=0, HIS:[logstash with write and create permissions for its own indices-> RULES:[auth_key->true, actions->false] RESOLVED:[user=logstash]], [Kibana Server-> RULES:[auth_key->false]], [Automation Lab users-> RULES:[ldap_auth->false]], [PAM/POME users-> RULES:[ldap_auth->false]], [Administrator-> RULES:[ldap_auth->false]], }

In Logstash side, I get this error:

[2021-12-15T20:18:45,454][ERROR][logstash.outputs.elasticsearch][kafka-elasticsearch] Unable to get license information {:url=>"http://logstash:[email protected]:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :message=>"Got response code '403' contacting Elasticsearch at URL 'http://127.0.0.1:9200/_license'"}
[2021-12-15T20:18:45,454][ERROR][logstash.outputs.elasticsearch][kafka-elasticsearch] Could not connect to a compatible version of Elasticsearch {:url=>"http://logstash:[email protected]:9200/"}

Do you have an idea?

Best regards
Hassen

Hello @hassen, what version of Elasticsearch are you upgrading from? And how does the ACL look like?

From what I can see, maybe you will be fine with just adding this permission for the Logstash user to call this action. I.e.

actions: ["cluster:monitor/xpack/license/get"]
1 Like

Hi Simone,

You’re right, this action was missing.

Thanks again for your support. Great.
Take care.

Hassen

1 Like

Hi Simone, I had the same problem on our test environment since I had a reduced RoR config there; on prd all worked since we had this option there already. I will implement this on the test environment.
Thanks for the info!
/Arjen

1 Like

Hi @sscarduzio , Can you tell where to add this permission. I not getting anything from this.
Thanks,
Akshay