Configure custom SSL for Logstash

If using Logstash with on-premises Elasticsearch cluster, or if Elasticsearch is secured with a custom certificate, you must separately and explicitly configure Logstash to use the same CA certificate as your Elasticsearch cluster.

For comprehensive instructions, see Elasticsearch: Configuring Logstash to use TLS Encryption

1. The CA certificate must be accessible on the Logstash host’s filesystem.

   E.g. /etc/logstash/config/certs/ca.crt

2. Edit Logstash .conf. On EclecticIQ Intelligence Center installations, this is usually /etc/logstash/conf.d/eclecticiq.conf

3. Locate the output.elasticsearch block.

4. Edit it to set ssl and cacert attributes:

   output {
     elasticsearch {
       ...
       ssl => true
       cacert => '/etc/logstash/config/certs/ca.crt' 
     }
   }
   

5. Restart the Logstash service. Run as root:

   systemctl restart logstash