What could be the problem here trying to connect logstash to Elasticsearch 7.5 for the first time?
Nov 18 11:55:34 srLogStash001 run_tviLogStash.sh[98904]: [2024-11-18T11:55:34,362][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>“http://UA16:xxxxxx@elagen.prod.tech.dom:9200/”, :erro r_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>“Got response code ‘401’ contacting Elastics earch at URL ‘http://elagen.prod.tech.dom:9200/’”}
As far as I see this log entry comes from the logstash logs. It says that ES returned 401. We don’t know why. ES, using ROR, authenticates the request, so in its logs, there should be info about the rejected request. It’s a ROR log - the FORBIDDEN one. In this log, there are many useful information. Including the cause.
If this (elagen.prod.tech.dom:9200) is the address of some load balancer you won’t be able to know that from the logstash logs (but please notice that I’m not the logstash expert and this is not ROR-related question).