Attempted to send a bulk request to Elasticsearch configured at '["http://localhost:9200"]', but Elasticsearch appears to be unreachable or down! {:error_message=>"Connexion refusée",

Elastic Stack Logstash
1

Hello everyone,

I am a beginner on ELK. I apologize first for my bad English, I'm French.

I have 2 different error messages when launching the command "./logstash windows.conf -f".

The first being:
{Connection refused: class => "Manticore SocketException ::": level =>: error}

The second being:
Attempted to send a request to bulk Elasticsearch configured at ["http: // localhost: 9200"] 'goal Elasticsearch Appears to be unreachable or down! {: Error_message => "Connection refused": class => "Manticore SocketException ::": level =>: error}

Here's my conf NXLOG on my Windows client:

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

Module xm_syslog Module xm_json
Module im_msvistalog Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; to_json(); # For windows 2003 and earlier use the following: # Module im_mseventlog
Module om_tcp Host 192.168.1.1 Port 3515

<Route 1>
Path in => out

Here's my conf windows.conf I run with Logstash:

input {

Accept messages in on tcp/3515

Incoming messages will be in json format, one per line

Tag these messages as windows and eventlog so we can filter on them later on

tcp {
port => 3515

codec => json_lines { charset => CP1252 }

codec => "line"
tags => ["windows","eventlog"]
type => "WindowsEventLog"
}
}
filter{
if [type] == "WindowsEventLog" {
json{
source => "message"
}
if [SourceModuleName] == "eventlog" {
mutate {
replace => [ "message", "%{Message}" ]
}
mutate {
remove_field => [ "Message" ]
}
}
}
}

Here specifically the progress of the command:
./logstash -f windows.conf

Settings: Default pipeline workers: 1
Connexion refusée {:class=>"Manticore::SocketException", :level=>:error}
Pipeline main started
....
Received an event that has a different character encoding than you configured. {:text=>"{\"EventTime\":\"2016-09-23 11:42:41\",\"Hostname\":\"L
...
at [Source: [B@595f8dc3; line: 1, column: 3]>, :level=>:warn}
Attempted to send a bulk request to Elasticsearch configured at '["http://localhost:9200"]', but Elasticsearch appears to be unreachable or down! {:error_message=>"Connexion refusée", :class=>"Manticore::SocketException", :level=>:error}
Attempted to send a bulk request to Elasticsearch configured at '["http://localhost:9200"]', but Elasticsearch appears to be unreachable or down! {:error_message=>"Connexion refusée", :class=>"Manticore::SocketException", :level=>:error}

Thank you for your help.

2

As the error message says, Elasticsearch appears to be unreachable or down. Is Elasticsearch running at all? On which host? Which port? Could a firewall be blocking the access?

3

Hello,

I apologize for the delay in replying.

ElasticSearch appears to be launched, however I can not run it as logstash in "init.d" because I simply unzip but I tested it by the command "./elasticsearch" which no returns me error.

ElasticSearch is on the same machine as logstash and its port is the default, the 9200 I think.

Regarding the firewall, I do not see how the firewall blocks, if so, what port would be blocked?

Thank you for your answer.

Have a good day.