Linux – Logstash integration with AWS Elasticsearch Service


I am using the AWS Elasticsearch service to configure an Elasticsearch cluster, and there is a separate server where I have installed Logstash 2.1.0.

Here is my sample Logstash configuration file:

    input {
      file {
        path => "/var/log/httpd/access_log"
        type => "apache-access"
        start_position => "beginning"
      }
    }
    filter {
      if [type] == "apache-access" {
        # Parse each line as Apache combined log format
        grok {
          match => [ "message", "%{COMBINEDAPACHELOG}" ]
        }
      }
    }
    output {
      elasticsearch {
        hosts => ""
        ssl => "true"
        manage_template => false
      }
    }

I cannot see any indices in AWS Elasticsearch.
I am not sure if I am missing something. The configuration seems to be plain and simple.
Also, there is no log generated on the Logstash server.

When I issue the command /bin/logstash -f 01-logstash.conf it gives me proper output. It seems Logstash is working but not sending data to the AWS Elasticsearch cluster.

Best Answer

Assuming your Elasticsearch service is running on port 443, you need to specify the keystore path of Elasticsearch along with a password. Check this link for all available options for the Logstash elasticsearch output.

PS: Make sure the Elasticsearch service is accessible from your Logstash machine. Confirm using telnet from Logstash to Elasticsearch.
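The reachability check suggested in the answer can be taken past what telnet shows. The script below is an added example, not part of the original question or answer: it tests TCP, then the TLS handshake with certificate verification, then an index listing, and reports the first stage that fails. The function name `check_endpoint` and the placeholder hostname are assumptions; pass your own domain endpoint.

```python
import socket
import ssl
import sys


def check_endpoint(host, port=443, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'tls', 'http' or 'ok'."""
    # Stage 1: plain TCP reachability, the same thing telnet tests.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"cannot connect to {host}:{port}: {exc}")

    # Stage 2: TLS handshake with certificate and hostname checks left on.
    ctx = ssl.create_default_context()
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        raw.close()
        return ("tls", f"handshake failed: {exc}")

    # Stage 3: ask Elasticsearch for its index list over the TLS channel.
    request = (f"GET /_cat/indices?v HTTP/1.1\r\nHost: {host}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    response = b""
    try:
        with tls:
            tls.sendall(request)
            while True:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                response += chunk
    except OSError as exc:
        if not response:
            return ("http", f"request failed: {exc}")

    status_line = response.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split()
    if len(parts) >= 2 and parts[1] == "200":
        # Raw body; an empty listing means no index has been created yet.
        return ("ok", response.split(b"\r\n\r\n", 1)[-1].decode("utf-8", "replace"))
    # Endpoint reached, but the request was refused or failed server-side.
    return ("http", status_line or "empty response")


if __name__ == "__main__":
    # ES_ENDPOINT_PLACEHOLDER is a placeholder; pass your endpoint hostname.
    target = sys.argv[1] if len(sys.argv) > 1 else "ES_ENDPOINT_PLACEHOLDER"
    print(check_endpoint(target))
```

Run it from the Logstash server so the result reflects that machine's network path and trust store.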