Connection errors if not "localhost" used

Kennedy_Kan1 · May 25, 2016, 5:42am

I have installed ELK tools and also packetbeat and topbeat

When I configure them to send logs through localhost; there is no errors. However, when I typed the exact ip address of my machine, error pops out.

16/05/25 05:34:49.972415 single.go:126: INFO Connecting error publishing events (retrying): Head http://172.16.1.245:9200: dial tcp 172.16.1.245:9200: getsockopt: connection refused
2016/05/25 05:34:49.972442 single.go:152: INFO send fail
2016/05/25 05:34:49.972456 single.go:159: INFO backoff retry: 2s

Anyone have any ideas to resolve it?
Thanks in advance.

warkolm · May 25, 2016, 5:47am

What does SSL have to do with this then?

Kennedy_Kan1 · May 25, 2016, 5:51am

When I use another machine to send to my server, it comes with another sentence, stating

16/05/25 05:34:49.972415 single.go:126: INFO Connecting error publishing events (retrying): Head http://172.16.1.245:9200: dial tcp 172.16.1.245:9200: getsockopt: connection refused
2016/05/25 05:34:49.972442 single.go:152: INFO send fail
2016/05/25 05:34:49.972456 single.go:159: INFO backoff retry: 2s

warkolm · May 25, 2016, 5:52am

That's the same thing as your first bit of logs?

Kennedy_Kan1 · May 25, 2016, 5:57am

Maybe this will be clear.

I have two machines.

ELK server
client

When configuring beats file (topbeat.yml) to use elasticsearch as output and the host as localhost:9200, then everything is smooth without error. However, when I turn localhost:9200 to 172.16.1.221:9200, the first pile of errors come out

Then when I set up topbeat.yml in the client using elasticsearch as output and the host as 172.16.1.221:9200, the second pile of error comes out

warkolm · May 25, 2016, 5:59am

Ahh I can see you have update the topic, now it makes more sense!

Can you contact ES via 172.16.1.221:9200 from the host that filebeat is running on?

Kennedy_Kan1 · May 25, 2016, 6:17am

I didnt run on any filebeat
Is it a must to run filebeat

warkolm · May 25, 2016, 7:20am

Sorry, packetbeat or topbeat.

Kennedy_Kan1 · May 25, 2016, 7:21am

How to check if it is contacting the ES? I can only see the beats are reading logs when I run the yml with - "publish"

warkolm · May 25, 2016, 7:22am

Use telnet to see if it can connect.

Kennedy_Kan1 · May 25, 2016, 7:26am

No, it says connection refused when telnet IP 9200

warkolm · May 25, 2016, 7:54am

Do you have ES listening to that 172.16.1.221 IP? What's in your config?

Kennedy_Kan1 · May 25, 2016, 8:27am

Oh I have changed the elasticsearch.yml networkhost to 0.0.0.0
then everything is ok now
What's the reason though

warkolm · May 25, 2016, 8:29am

https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#modules-network

Kennedy_Kan1 · May 25, 2016, 8:40am

Thanks for the guide. Great Thx.
I have come across another problem, not sure you have any ideas about it?
https://discuss.elastic.co/t/read-files-from-another-machine/50922?u=kennedy_kan1

Topic		Replies	Views
Send beat logs from client to ELK server Elasticsearch	3	911	July 5, 2017
Transport.go 125 SSL client failed to connect with dial tcp <IP:Address of ELK>5044 getsockopt connection refused Beats	8	1514	October 10, 2018
Getting connection refused error while trying to send log file from filebeat to elasticsearch in different server.( Modified elasticsearch port to 9201) Beats filebeat	25	15234	October 4, 2017
Install Elasticsearch	7	1506	July 5, 2017
ERR Connecting error publishing events Beats winlogbeat	3	1792	April 18, 2017

Connection errors if not "localhost" used

Related topics