Afternoon everyone. I recently built an ELK stack on Ubuntu 22.04 by following instructions I found by searching for the installation procedure. I followed the article to the letter and after completion, when trying to connect to x.x.x.x:9200 or x.x.x.x:5601, the connection is never completed the page displayed ( for Elasticsearch) just says, "refused to connect". I have checked all the services Elasticsearch, Kibana, and Logstash and they all say that they are running and when I try running the curl command, it connects and I see the expected output. I wanted to see if someone might know off the top of their head what typically causes that. I am not typically a linux user so I am somewhat lost as to where to go from here.
What is the value for
network.host in elasticsearch.yml?
Have you tested connection with curl?
Can you test temporarily with:
network.host: 0.0.0.0? When change params in elasticsearch.yml you have to restart ES service?
If Kibana and ES are on different hosts, you have to open port 9200 on ES an 5601 on Kibana.
Yes I the IP address is defined in all .yml and filebeat config fileas the actual IP address. I have not tried addressing the host using the 0.0.0.0 entry. I will try that. They are all on the same host. so I will change all host IP address references to the all-zero entry and see if that corrects the issue. Thank you for taking the time to respond. It is greatly appreciated and I will post the results after testing.
Welcome to our community!
It's useful if you provide configs and the logs of each so we can see what is and isn't happening.
Just to clarify, if all apps on the same server you can user localhost or net. IP, but if you put for instance only net.IP then request will be rejected. Here is more details. Easiest is to set 0.0.0.0 in elasticsearch.yml
As warkolm said, is there any trace in logs? Let's first make sure then ES is reachable from curl, after then check Kibana access.
It actually turned out to be a couple of things. I did edit my elasticsearch.yml file to reflect host value of 0.0.0.0. That alone didn't correct it. I then ran the command to show the status of UFW and while 9200 was there, 5601 was not. I added 5601 to the list and then I was able to connect. Not sure why it wasn't part of the install.
I must say, I have never ever had one of these installs go smoothly (ELK). It seems that when you get one issue resolved another one pops up. Does everyone run into things like this when setting one of these up or is it just maybe not know all the fundamentals of Ubuntu/Linux?
For instance on this install I had the issue of being unable to connect. I consult with you guys and you direct me accordingly and that problem was resolved. I get in to the server, go to start creating inputs (one of which will be a fortigate firewall) and when I try to add the integration, it says, you must have security enabled. I follow the commands presented by Elasticsearch itself, then it stop functioning again. Is there a place or method that you folks turn to when trying to install a particular application? One that is accurate every time? Obviously the one I followed was not at all accurate/complete.
Well, it's just a learning process. Now you can set correct network.host or leave it as it is.
Firewall is not related to ELK.
Thank you guys very much. I think I have it going now. Your knowledge is appreciated.