Hello Community,
We've recently added a Node to our Cluster, which is supposed to handle all the Logs which are processed by Logstash.
Information:
Elasticsearch 7.10
Logstash 7.10
OS: CentOS 7
So I reconfigured my Output Files in /etc/logstash/conf.d/ as follows:
output {
  if [type] != "syslog" and [type] != "apache" {
    elasticsearch {
      hosts => ["http://mtxsuelk02.matrix.ag:9200"]
      index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
      user => sysadmin
      password => *******
    }
  }
}
Now I restarted Logstash, but there are no logs coming in. I checked the logs, and there I can read the following error:
[2021-03-23T15:43:37,839][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://sysadmin:xxxxxx@OldOutputIP:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://sysadmin:xxxxxx@OldOutputIP:9200/][Manticore::ClientProtocolException] OldOutputIP:9200 failed to respond"}
But if I search for any kind of config which still holds the OldOutputIP via
grep oldoutip *
There's no output. So I'm wondering why Logstash still tries to connect to the old Elasticsearch Host. The connection of course won't work, because we encrypted that instance.
Can anyone help me?
Thanks in advance.
Kind regards,
Mo
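
A recursive, case-insensitive way to list every Elasticsearch host referenced by the output files, as an added example that is not part of the original post. Logstash merges all files matched by a pipeline's path.config into one pipeline, so any file in that directory can contribute an output; the function names and the sample files below are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print "file:line: host" for every double-quoted entry on a `hosts =>` line
# in any file under directory $1 (recursive, so subdirectories are included).
list_es_hosts() {
    grep -rHnE '^[[:space:]]*hosts[[:space:]]*=>' "$1" 2>/dev/null |
    awk '{
        split($0, f, ":")                  # f[1] = file, f[2] = line number
        loc = f[1] ":" f[2]
        rest = substr($0, length(loc) + 2) # config text after "file:line:"
        while (match(rest, /"[^"]+"/)) {   # each double-quoted host entry
            print loc ": " substr(rest, RSTART + 1, RLENGTH - 2)
            rest = substr(rest, RSTART + RLENGTH)
        }
    }'
}

# Case-insensitive, fixed-string search for $2 among the hosts found under $1.
find_host() {
    list_es_hosts "$1" | grep -iF -- "$2"
}

# Hosts reached over plain HTTP, where basic-auth credentials travel unencrypted.
plaintext_hosts() {
    list_es_hosts "$1" | grep -E ': http://'
}

# Demo on constructed files; on a real system pass /etc/logstash/conf.d instead.
demo_dir=$(mktemp -d)
cat > "$demo_dir/30-output.conf" <<'EOF'
output {
  elasticsearch {
    hosts => ["http://new-node.example:9200"]
  }
}
EOF
cat > "$demo_dir/99-legacy.conf" <<'EOF'
output {
  elasticsearch {
    hosts => ["https://Old-Node.example:9200", "http://old-node2.example:9200"]
  }
}
EOF
list_es_hosts "$demo_dir"
```
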