0

I followed below documentation for setting up filebeat- 9.0.4 on local machine (Ubuntu 24.04.2 LTS)

Filebeat quick start: installation and configuration | Beats (self-managed tab)

I used below command to generate fingerprint openssl x509 -fingerprint -sha256 -in config/certs/http_ca.crt

beats service coming up and trying to connect to Elasticsearch but getting below error.

[2025-08-05T18:02:35,252][WARN ][o.e.h.AbstractHttpServerTransport] [HP-ENVY-5xxx] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/127.0.0.1:9200, remoteAddress=/127.0.0.1:52120} io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: (bad_certificate) Received fatal alert: bad_certificate at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:500) ~[?:?] at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?] at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]

filebeat.ymal configuration

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  # Performance preset - one of "balanced", "throughput", "scale",
  # "latency", or "custom".
  preset: balanced

  # Protocol - either `http` (default) or `http`.
  protocol: "http"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "<pasword>"
  ssl:
    enabled: true
    ca_trusted_fingerprint: "generated from command <openssl x509 -fingerprint -sha256 -in config/certs/http_ca.crt>"

I can access localhost:9200 from browser using same username and password that is configured for filebeat Here is the browser response

name    "HP-ENVY-5xxx"
cluster_name    "elasticsearch"
cluster_uuid    "J9Zyf_YvRLyVr7nSzKOqyg"
version 
number  "9.0.3"
build_flavor    "default"
build_type  "deb"
build_hash  "cc7302afc8499e83ba2ceaa96451681f0609d"
build_date  "date"
build_snapshot  false
lucene_version  "10.1.0"
minimum_wire_compatibility_version  "8.18.0"
minimum_index_compatibility_version "8.0.0"
tagline "You Know, for Search"

I can connect to Kibana successfully.

Please help me understand on how to resolve this issue and let me know if you need any more details.

Improve this question
Related questions
599
Make elasticsearch only return certain fields?
337
elasticsearch bool query combine must with OR
1
filebeat failed to connect to elasticsearch
Load 7 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.