AWS EC2 not able to create indices in elasticsearch

Pushkar_Sharan · January 19, 2017, 6:58am

Hello All,
I did my first ELK setup on AWS Ec2 instance. for learning purpose i have kept it all on single instance. I have done below configurations but still not able to create indices.
xx.xxx.xx.xx is my IP address

ElasticSearch (1.4.4): http://xx.xxx.xx.xx:9200/_cat/indices

Logstash (1.4.2): nano /etc/logstash/conf.d/logstash.conf
input { file { path => "/tmp/logstash.txt" } } output { elasticsearch { host => "xx.xxx.xx.xx" protocol =>"http" } }

Kibana (4.0.1): http://xx.xxx.xx.xx:5601
nano config/kibana.yml
elasticsearch_url: "http://xx.xxx.xx.xx:9200"

I am adding values like this to create time stamp indices but not able to. please advise what am I missing.

echo "This is elasticsearch" >> /tmp/logstash.txt
echo "This is elasticsearch" >> /tmp/logstash.txt
echo "This is elasticsearch" >> /tmp/logstash.txt
echo "This is elasticsearch" >> /tmp/logstash.txt

Thanks in advance

warkolm · January 19, 2017, 6:59am

1 - DO NOT expose ES to the internet with no security!
2 - Why are you running 1.4.4?

Pushkar_Sharan · January 19, 2017, 7:10am

Hey Mark,

Thanks for reply.

Modified the post
Tutorial had same so installed 1.4.4 for learning,
please advise if that's the issue will upgrade to 1.7

mainec · January 19, 2017, 9:27am

What Mark meant with not exposing ES to the internet w/o security wasn't about you posting the IP but about the fact that your ES instance is accessible publicly. Read here for more information why this is a very bad idea, in particular with old versions of Elasticsearch:

http://code972.com/blog/2017/01/107-dont-be-ransacked-securing-your-elasticsearch-cluster-properly

About ES 1.4.4 - if you want to get started with Elasticsearch, my advise would be to use the latest version you can get. It contains lots of new features, performance improvements and bug fixes compared to old versions. No use learning the old API if at the end of the day you'll want to use a newer version anyway.

About your problem in particular: As this happened during playing around with Logstash and Elasticsearch, my hunch would be that you are faced with an outdated sincedb. Check here for more information on this:

https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html#_tracking_of_current_position_in_watched_files

What exactly (other than learning) are you trying to accomplish? Why are you looking at such an old version of Elasticsearch?

Isabel

system · February 16, 2017, 9:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.