OpenSearch 401 for /_bulk

Question

I am using fluent bit to stream logs from Kubernetes to OpenSearch (AWS). I have deployed via the Helm charts and have configured the output as below

[OUTPUT]
    Name opensearch
    Match *
    Host aws-domain-name.region.es.amazonaws.com
    Port 443
    Index k8s-index
    Type my_type
    tls on
    tls.verify off
    HTTP_User redacted
    HTTP_Passwd redacted

This gives me the following error [2022/09/27 11:52:19] [error] [output:opensearch:opensearch.0] HTTP status=401 URI=/_bulk

The user has been created in OpenSearch with all_access. This was originally deployed using IAM roles but was replaced with HTTP username and password to try and simplify the troubleshooting

score 1 · Accepted Answer · answered Oct 05 '22 at 10:54

The issue was to do with the fluentbit config. The updated config is

 [OUTPUT]
     Name opensearch
     Match *
     Host aws-domain-name.region.es.amazonaws.com
     Port 443
     AWS_Region eu-west-1
     Index k8s-index
     TLS on
     AWS_Auth On

score 0 · Answer 2 · answered Sep 28 '22 at 05:50

0

OpenSearch uses basic authentication by default with username 'admin' and password 'admin'. Please try with this and see

answered Sep 28 '22 at 05:50

kittur_riyaz

116
5

OpenSearch 401 for /_bulk

2 Answers2