Can't connect to Elasticsearch from Logstash version 8.2

I want to use Elasticsearch and Logstash (ver 8.2).
After installing Elasticsearch and Kibana, I installed Logstash.
But I got an error. It seems Logstash can't connect to Elasticsearch.
But Elasticsearch is running correctly.
(This configuration ran correctly when I used version 7.)

Could someone please tell me the reason?
The error message and configuration are below.

----ERROR when starting Logstash-------
[INFO ][logstash.outputs.Elasticsearch][main] Failed to perform request {:message=>"127.0.0.1:9200 failed to respond", :exception=>Manticore::ClientProtocolException, :cause=>org.apache.http.NoHttpResponseException: 127.0.0.1:9200 failed to respond}
[WARN ][logstash.outputs.Elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elastic:xxxxxx@127.0.0.1:9200/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://127.0.0.1:9200/][Manticore::ClientProtocolException] 127.0.0.1:9200 failed to respond"}

----logstash config(only output)----

output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "indexname"
    user => "elastic"
    password => "password"
  }
  stdout{
    codec => rubydebug
  }
}

  1. Firewall and port
  2. Elastic interface in elasticsearch.yml
    Set network.host: 0.0.0.0 and restart ES

Thanks for your response!
I tried, but I still can't connect to Elasticsearch from Logstash.

1) Firewall and port
--> I set the firewall, TCP 9200

2) Elastic interface in elasticsearch.yml
--> I already set "network.host: 0.0.0.0" in elasticsearch.yml as below.

--------network part in elasticsearch.yml-------
network.host: 0.0.0.0
http.port: 9200
-----------------------------------------------------

Are there other reasons?
Can anyone help me?

What will happen when you access "http://127.0.0.1:9200" using a browser or the curl command?

Thanks for your reply!

With a browser, accessing "https://127.0.0.1:9200", I got the output below
(of course I entered the ID and password)

{
  "name" : "XXXXXX",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "XXXXXX",
  "version" : {
    "number" : "8.2.2",
    "build_flavor" : "default",
    "build_type" : "zip",
    "build_hash" : "XXXXXX",
    "build_date" : "2022-05-25T15:47:06.259735307Z",
    "build_snapshot" : false,
    "lucene_version" : "9.1.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

But when accessing "http://127.0.0.1:9200", I could not get a response.

Does this mean that I need an SSL setting in the Logstash configuration?
I looked at the manual below, but there was no comment.

If this is the reason, would you tell me the configuration I have to add?

※ The same question, originally written in Japanese:
With https I got the output shown above, but with http there was no response.
Does this mean that I need to add an SSL setting to the Logstash config?
The Logstash manual I looked at did not mention adding SSL settings for 8.2, so I had not paid attention to it.
If that is the case, I would be very grateful if you could tell me what I should add.

Change two params:

output {
  elasticsearch {
    hosts => ["https://127.0.0.1:9200"]
    index => "indexname"
    user => "elastic"
    password => "password"
    ssl_certificate_verification => false
  }
  stdout {
    codec => rubydebug
  }
}

Thank you for your reply!

It's exactly as you said.
I changed logstash configuration, and logstash worked correctly!
Thank you for your good advice!!

This is the minimum to establish SSL; however, I'm not sure the CISO will accept that. Later you can generate certificates and improve security -> link

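The verified counterpart to the accepted configuration, as an added example that is not part of the original thread: it keeps certificate verification on and trusts the CA that Elasticsearch 8 generates for its HTTP layer. The CA file path and the `ES_PWD` variable name are placeholders chosen for illustration.

```logstash
output {
  elasticsearch {
    # Elasticsearch 8 serves its HTTP API over TLS by default, so the scheme
    # must be https; plain http gets no response, as seen in the thread.
    hosts => ["https://127.0.0.1:9200"]
    index => "indexname"
    user => "elastic"

    # Placeholder variable: resolved from the Logstash keystore or the
    # environment, so the password is not stored in the pipeline file.
    password => "${ES_PWD}"

    # Trust the CA that signed the Elasticsearch HTTP certificate instead of
    # disabling verification. Placeholder path: copy http_ca.crt from the
    # Elasticsearch config/certs directory to a file Logstash can read.
    cacert => "/path/to/http_ca.crt"

    # Verification is on by default; stated here to contrast with the
    # "false" used in the quick fix. The host in "hosts" must match a name
    # or IP address listed in the server certificate.
    ssl_certificate_verification => true
  }
  stdout {
    codec => rubydebug
  }
}
```

With verification enabled, a wrong CA file or a host name that is not in the certificate makes the output fail at the TLS handshake rather than connect silently to an unauthenticated endpoint.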