What could be the problem here trying to connect logstash to Elasticsearch 7.5 for the first time?

What could be the problem here trying to connect logstash to Elasticsearch 7.5 for the first time?

Nov 18 11:55:34 srLogStash001 run_tviLogStash.sh[98904]: [2024-11-18T11:55:34,362][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>“http://UA16:xxxxxx@elagen.prod.tech.dom:9200/”, :erro r_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::BadResponseCodeError, :error=>“Got response code ‘401’ contacting Elastics earch at URL ‘http://elagen.prod.tech.dom:9200/’”}

Please check ES logs. This logs just says that ES didn’t authenticate the logstash request.

Will the log have more information than the previous error message?

As far as I see this log entry comes from the logstash logs. It says that ES returned 401. We don’t know why. ES, using ROR, authenticates the request, so in its logs, there should be info about the rejected request. It’s a ROR log - the FORBIDDEN one. In this log, there are many useful information. Including the cause.

I have three nodes in the cluster running the elasticsearch service , how do I know which one returned the error?

If this (elagen.prod.tech.dom:9200) is the address of some load balancer you won’t be able to know that from the logstash logs (but please notice that I’m not the logstash expert and this is not ROR-related question).

Just check all 3-nodes logs.