Can't connect to Elasticsearch from logstash version8.2

oga · May 27, 2022, 9:23am

I want to use Elasticsearch and Logstash(ver 8.2).
After installed Elasticsearch and Kibana, I installed logstash.
But I got error.It seems logstash can't connect to Elasticsearch.
But Elasticsearch is runnning correctly.
（This configuration run correctly when used version 7）

Someone please teach me this reason?
Error message and configration is below.

----ERROR when start logstash-------
[INFO ][logstash.outputs.Elasticsearch][main] Failed to perform request {:message=>"127.0.0.1:9200 failed to respond", :exception=>Manticore::ClientProtocolException, :cause=>org.apache.http.NoHttpResponseException: 127.0.0.1:9200 failed to respond}
[WARN ][logstash.outputs.Elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elastic:xxxxxx@127.0.0.1:9200/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://127.0.0.1:9200/][Manticore::ClientProtocolException] 127.0.0.1:9200 failed to respond"}

----logstash config(only output)----

output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    index => "indexname"
    user => "elastic"
    password => "password"
  }
  stdout{
    codec => rubydebug
  }
}

Rios · May 27, 2022, 3:12pm

Firewall and port
Elasic interface in elasticsearch.yml
Set network.host: 0.0.0.0 and restart ES

oga · May 28, 2022, 12:28am

Thanks for your response!
I tried but still can't connect to Elasticsearch form logstash.

1)Firewall and port
--> I set firewall , TCP 9200

2)Elastic interface in Elasticsearch.tml
--> I already set "network.host:0.0.0.0" in Elasticsearch.yml as below.

--------network part in elasticsearch.yml-------
network.host: 0.0.0.0
http.port: 9200
-----------------------------------------------------

Are there others reason?
Can anyone help me?

Tomo_M · May 28, 2022, 11:46am

What will happen when you access "http://127.0.0.1:9200" using browser or curl command?

oga · May 28, 2022, 5:47pm

Thanks for your reply!

With Browser, access "https://127.0.0.1:9200", I got below
(of course I entered ID and Pass)

{
  "name" : "XXXXXX",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "XXXXXX",
  "version" : {
    "number" : "8.2.2",
    "build_flavor" : "default",
    "build_type" : "zip",
    "build_hash" : "XXXXXX",
    "build_date" : "2022-05-25T15:47:06.259735307Z",
    "build_snapshot" : false,
    "lucene_version" : "9.1.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

But, access "http://127.0.0.1:9200", I could not get response.

Is this means that I need setting of SSL in logstash configuration?
I saw manuarl below, but there was no comment.

If this is the reason, would you tell me the configuration I have to add?

※Below in in japanese with same meaning
https では出力が上記の通り出ましたが、httpではレスポンスがありませんでした。
LogstashのConfigに、SSLの設定を追加する必要があるということでしょうか。
Logstashのマニュアルで私が見たLogstashのマニュアルには8.2に伴いSSL設定を追加するような記載がなかったので気にしていませんでした。
もしそのとおりだとしましたら、どのような記述を追加すればよいか教えていただけると大変ありがたいです。

Rios · May 28, 2022, 7:42pm

Change two params:

output {
elasticsearch {
hosts => ["https://127.0.0.1:9200"]
index => "indexname"
user => "elastic"
password => "password"
ssl_certificate_verification => false
}
stdout{
codec => rubydebug
}
}

oga · May 28, 2022, 11:49pm

Thank you for your reply!

It's exactly as you said.
I changed logstash configuration, and logstash worked correctly!
Thank you for your good advice!!

Rios · May 29, 2022, 5:08am

This is minimum to establish SSL, however not sure will CISO accept that. Latter you can generate certificates and improve security -> link

system · June 26, 2022, 5:09am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.