After switching Elasticsearch Output - Logstash says it cannot reach old Elasticsearch Output Host

Hello Community,
we've recently added a Node to our Cluster - which is supposed to handle the all the Logs which are processed by Logstash.

Elasticsearch 7.10
Logstash 7.10
OS: CentOS 7

So i reconfigured my Output Files in /etc/logstash/conf.d/ the following:

output {
  if [type] != "syslog" and [type] != "apache" {
    elasticsearch {
        hosts => [""]
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
        user => sysadmin
        password => *******

Now i restarted logstash - but there are no logs comming in. I checked the logs and there i can read the following error:

[2021-03-23T15:43:37,839][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://sysadmin:xxxxxx@OldOutputIP:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://sysadmin:xxxxxx@OldOutputIP:9200/][Manticore::ClientProtocolException] OldOutputIP:9200 failed to respond"}

But if i search for any kind of config which still holds the OldOutputIP via

grep oldoutip *

There's no output. So i'm wondering why logstash still tries to connect to the old Elasticsearch Host. The connection of course won't work - because we encrypted that instance.

Can anyone help me?

Thanks in advance.

Kind regards,

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.