Attempted to resurrect connection to dead ES instance

samsu · April 24, 2024, 12:28pm

i have this error :

[2024-04-24T12:24:55,861][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused (Connection refused)", :exception=>Manticore::SocketException, :cause=>org.apache.http.conn.HttpHostConnectException: Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused (Connection refused)}
[2024-04-24T12:24:55,863][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://exfo:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::SocketException] Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused (Connection refused)"}

elasticsearch.yml

cluster.name: "docker-cluster"
xpack.security.enabled: false

logstash.yml

http.host: "0.0.0.0"

logstash.conf

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  file {
    path => "/usr/share/logstash/config/test.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null" 
  }
  }

filter {
  csv  {
    separator => ";"
    columns => ["aa", "bb" , "cc"]
  }

}
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    #index => "index"
    user => "elastic"
    password => "pass"
    ssl => true 
    #cacert => "/usr/share/logstash/config/http_ca.crt"
  }
}

leandrojmp · April 24, 2024, 12:58pm

This error means that your logstash cannot connect to your Elasticsearch.

Are they running on the same machine/container? Using localhost means that logstash and elasticsearch are running on the same place.

How are you running both logstash and elasticsearch?

You need to share your entire elasticsearch.yml, this is not enough, also, if you disabled security you can remove the user, password and ssl settings from your logstash output.

This configuration in logstash.yml is irrelevant for this issue, this is related to the Logstash monitoring API only.

samsu · April 24, 2024, 1:15pm

i use docker to run elasticsearch and logstash , so that's mean they are running on the same place ,?

how can i configure elasticsearch.yml ?,

leandrojmp · April 24, 2024, 1:52pm

But where is your Logstash running? Inside a container or on the host machine? And where is your Elasticsearch running? Inside a container or on the host machine? You need to provide these informations, also provide how are you running it, with docker compose? Using docker cli?

samsu · April 24, 2024, 2:12pm

they are running in different container , with docker cli

leandrojmp · April 24, 2024, 2:19pm

If they are running in different containers, then you cannot use localhost in the logstash elasticsearch output.

localhost means the same host or the same container, since they are running in different containers you need to use the container name or the host ip if you are exposing the ports.

Topic		Replies	Views
Error message Logstash docker	9	238	April 24, 2024
Logstash "Connection Refused" Logstash docker	12	3273	May 24, 2023
Attempted to resurrect connection to dead ES instance in secure ELK Logstash	3	2081	September 30, 2021
Error [Manticore::ResolutionFailure] elasticsearch: Name or service not known"} at docker-compose Elasticsearch	3	6464	July 3, 2019
[logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance Elasticsearch elastic-stack-alerting	7	1586	May 4, 2021

Attempted to resurrect connection to dead ES instance

Related Topics