Breaking up ELK stack to individual machines

I understand the frustration. I've gone through it with the ELK stack :slight_smile: The early documentation leaves much to be desired (I started with v0.19 Elasticsearch and don't remember what version of logstash at that time).

So, did using 0.0.0.0 work? If vSphere is similar to other VM software, then how is its network stack and DNS configured? Is it configured to use NAT or bridge?

AFAIK, when a VM is configured to use NAT, then it plays funny games with routing and DNS resolution for the VM that it started. Since I have no experience with vSphere, this is about as far as I can go with helping :smile:

Woah! That seems to have maybe done the trick. I need to test more but it's looking promising. Thanks a lot!

Well, I can curl it externally at least...

Logstash is still having issues connecting, it seems. Here are the logs:

    {:timestamp=>"2015-12-28T10:32:04.858000-0800", :message=>"Failed to flush outgoing items", :outgoing_count=>1, :exception=>org.elasticsearch.cluster.block.ClusterBlockException: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];[SERVICE_UNAVAILABLE/2/no master];, :backtrace=>["org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedException(org/elasticsearch/cluster/block/ClusterBlocks.java:151)", "org.elasticsearch.cluster.block.ClusterBlocks.globalBlockedRaiseException(org/elasticsearch/cluster/block/ClusterBlocks.java:141)", "org.elasticsearch.action.bulk.TransportBulkAction.executeBulk(org/elasticsearch/action/bulk/TransportBulkAction.java:215)", "org.elasticsearch.action.bulk.TransportBulkAction.access$000(org/elasticsearch/action/bulk/TransportBulkAction.java:67)", "org.elasticsearch.action.bulk.TransportBulkAction$1.onFailure(org/elasticsearch/action/bulk/TransportBulkAction.java:153)", "org.elasticsearch.action.support.TransportAction$ThreadedActionListener$2.run(org/elasticsearch/action/support/TransportAction.java:137)", "java.util.concurrent.ThreadPoolExecutor.runWorker(java/util/concurrent/ThreadPoolExecutor.java:1145)", "java.util.concurrent.ThreadPoolExecutor$Worker.run(java/util/concurrent/ThreadPoolExecutor.java:615)", "java.lang.Thread.run(java/lang/Thread.java:745)"], :level=>:warn}
    {:timestamp=>"2015-12-28T10:33:05.863000-0800", :message=>"Got error to send bulk of actions: blocked by: [SERVICE_UNAVAILABLE/1/state not recovered / initialized];[SERVICE_UNAVAILABLE/2/no master];", :level=>:error}

Woot! One step forward :smile:

Where is logstash running? On the same VM or external to the VM? What version? Are you using the HTTP or transport protocol?

So after a bit of research yesterday I found the "protocol" setting for the output and set that to "http" as opposed to it defaulting to "node" I believe. That seems to have cleared the Logstash issues up. Now on to Kibana! :slight_smile: Thanks again!