Attempted to resurrect connection to dead ES instance

samsu · April 24, 2024, 12:28pm

i have this error :

[2024-04-24T12:24:55,861][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused (Connection refused)", :exception=>Manticore::SocketException, :cause=>org.apache.http.conn.HttpHostConnectException: Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused (Connection refused)}
[2024-04-24T12:24:55,863][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://exfo:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::SocketException] Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused (Connection refused)"}

elasticsearch.yml

cluster.name: "docker-cluster"
xpack.security.enabled: false

logstash.yml

http.host: "0.0.0.0"

logstash.conf

# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  file {
    path => "/usr/share/logstash/config/test.csv"
    start_position => "beginning"
    sincedb_path => "/dev/null" 
  }
  }

filter {
  csv  {
    separator => ";"
    columns => ["aa", "bb" , "cc"]
  }

}
output {
  elasticsearch {
    hosts => ["https://localhost:9200"]
    #index => "index"
    user => "elastic"
    password => "pass"
    ssl => true 
    #cacert => "/usr/share/logstash/config/http_ca.crt"
  }
}

leandrojmp · April 24, 2024, 12:58pm

This error means that your logstash cannot connect to your Elasticsearch.

Are they running on the same machine/container? Using localhost means that logstash and elasticsearch are running on the same place.

How are you running both logstash and elasticsearch?

You need to share your entire elasticsearch.yml, this is not enough, also, if you disabled security you can remove the user, password and ssl settings from your logstash output.

This configuration in logstash.yml is irrelevant for this issue, this is related to the Logstash monitoring API only.

samsu · April 24, 2024, 1:15pm

i use docker to run elasticsearch and logstash , so that's mean they are running on the same place ,?

how can i configure elasticsearch.yml ?,

leandrojmp · April 24, 2024, 1:52pm

But where is your Logstash running? Inside a container or on the host machine? And where is your Elasticsearch running? Inside a container or on the host machine? You need to provide these informations, also provide how are you running it, with docker compose? Using docker cli?

samsu · April 24, 2024, 2:12pm

they are running in different container , with docker cli

leandrojmp · April 24, 2024, 2:19pm

If they are running in different containers, then you cannot use localhost in the logstash elasticsearch output.

localhost means the same host or the same container, since they are running in different containers you need to use the container name or the host ip if you are exposing the ports.