Help with Basic out of box logstash config

I have a working cluster. But I can’t get the logstash to Open ES AWS data node connection to work.

https:|| to bypass new user link posting error. ignore that typo

My curl command test is good from logstash node to the elk data node.
curl -XGET https:||esdatanode.elk.elk:9200/_cat/nodes?v -u admin:xxxxxxx --insecure

Error I get in logstash log.

[2019-07-03T11:35:16,029][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https:||admin:xxxxxx@datanode.elk.elk:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https:||admin:xxxxxx@elkdatanode:9200/][Manticore::ClientProtocolException] PKIX path building failed: unable to find valid certification path to requested target"}

It is something to do with security and the cert. I want to use the out of the box certs for now.
Which one do I use?


output {
  elasticsearch {
    id => "network-output"
    hosts => ["https:||datanode.elk.elk:9200"]
    index => "linux-%{+YYYY.MM.dd}"
    document_type => "syslog"
    user => "admin"
    password => "xxxxxxx"
    ssl => true
    cacert => "/etc/elasticsearch/???.pem"
  }
}

Got it working with these settings using root cert and added ilm setting

    index => "linux-%{+YYYY.MM.dd}"
    document_type => "syslog"
    user => "admin"
    password => "xxxxxxxxxx"
    ssl => true
    ssl_certificate_verification => false
    cacert => "/etc/elasticsearch/root-ca.pem"
    ilm_enabled => false
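
The "which one do I use?" question can be answered by running the same chain check that produces the PKIX error against every PEM file in the directory, using openssl. This is an added example, not part of the original post; the function names and the generated demo certificates (file names included) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find which PEM file in a directory is the CA that issued
# the Elasticsearch node certificate, i.e. the file `cacert` should point at.

# find_issuing_ca NODE_CERT DIR   (hypothetical helper name)
# Prints every certificate in DIR that validates NODE_CERT as a trust anchor.
find_issuing_ca() {
  local node_cert=$1 dir=$2 f
  for f in "$dir"/*.pem; do
    [ -f "$f" ] || continue
    # Skip private keys and other files that are not X.509 certificates.
    openssl x509 -in "$f" -noout 2>/dev/null || continue
    # Chain check; a failure here corresponds to "PKIX path building failed".
    if openssl verify -CAfile "$f" "$node_cert" >/dev/null 2>&1; then
      printf '%s\n' "$f"
    fi
  done
}

# make_demo_pki DIR   (hypothetical helper name)
# Builds constructed sample data: a root CA, an unrelated CA, and a node
# certificate signed by the root CA. File names are assumptions.
make_demo_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/root-ca-key.pem" -out "$d/root-ca.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$d/other-ca-key.pem" -out "$d/other-ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=datanode.elk.elk" \
    -keyout "$d/esnode-key.pem" -out "$d/esnode.csr" 2>/dev/null
  openssl x509 -req -in "$d/esnode.csr" -days 1 -CA "$d/root-ca.pem" \
    -CAkey "$d/root-ca-key.pem" -CAcreateserial -out "$d/esnode.pem" 2>/dev/null
}

# Run the check over the constructed directory.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
find_issuing_ca "$demo_dir/esnode.pem" "$demo_dir"
```

On a real node, pass the node's own certificate as the first argument and the certificate directory as the second; the file printed is the one that lets `cacert` work with certificate verification left on. Hostname matching is a separate check that `openssl verify` does not perform.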