Connection errors if not "localhost" used

Kennedy_Kan1 · May 25, 2016, 5:42am

I have installed ELK tools and also packetbeat and topbeat

When I configure them to send logs through localhost; there is no errors. However, when I typed the exact ip address of my machine, error pops out.

16/05/25 05:34:49.972415 single.go:126: INFO Connecting error publishing events (retrying): Head http://172.16.1.245:9200: dial tcp 172.16.1.245:9200: getsockopt: connection refused
2016/05/25 05:34:49.972442 single.go:152: INFO send fail
2016/05/25 05:34:49.972456 single.go:159: INFO backoff retry: 2s

Anyone have any ideas to resolve it?
Thanks in advance.

warkolm · May 25, 2016, 5:47am

What does SSL have to do with this then?

Kennedy_Kan1 · May 25, 2016, 5:51am

When I use another machine to send to my server, it comes with another sentence, stating

16/05/25 05:34:49.972415 single.go:126: INFO Connecting error publishing events (retrying): Head http://172.16.1.245:9200: dial tcp 172.16.1.245:9200: getsockopt: connection refused
2016/05/25 05:34:49.972442 single.go:152: INFO send fail
2016/05/25 05:34:49.972456 single.go:159: INFO backoff retry: 2s

warkolm · May 25, 2016, 5:52am

That's the same thing as your first bit of logs?

Kennedy_Kan1 · May 25, 2016, 5:57am

Maybe this will be clear.

I have two machines.

ELK server
client

When configuring beats file (topbeat.yml) to use elasticsearch as output and the host as localhost:9200, then everything is smooth without error. However, when I turn localhost:9200 to 172.16.1.221:9200, the first pile of errors come out

Then when I set up topbeat.yml in the client using elasticsearch as output and the host as 172.16.1.221:9200, the second pile of error comes out

warkolm · May 25, 2016, 5:59am

Ahh I can see you have update the topic, now it makes more sense!

Can you contact ES via 172.16.1.221:9200 from the host that filebeat is running on?

Kennedy_Kan1 · May 25, 2016, 6:17am

I didnt run on any filebeat
Is it a must to run filebeat

warkolm · May 25, 2016, 7:20am

Sorry, packetbeat or topbeat.

Kennedy_Kan1 · May 25, 2016, 7:21am

How to check if it is contacting the ES? I can only see the beats are reading logs when I run the yml with - "publish"

warkolm · May 25, 2016, 7:22am

Use telnet to see if it can connect.

Kennedy_Kan1 · May 25, 2016, 7:26am

No, it says connection refused when telnet IP 9200

warkolm · May 25, 2016, 7:54am

Do you have ES listening to that 172.16.1.221 IP? What's in your config?

Kennedy_Kan1 · May 25, 2016, 8:27am

Oh I have changed the elasticsearch.yml networkhost to 0.0.0.0
then everything is ok now
What's the reason though

warkolm · May 25, 2016, 8:29am

https://www.elastic.co/guide/en/elasticsearch/reference/2.3/modules-network.html#modules-network

Kennedy_Kan1 · May 25, 2016, 8:40am

Thanks for the guide. Great Thx.
I have come across another problem, not sure you have any ideas about it?
https://discuss.elastic.co/t/read-files-from-another-machine/50922?u=kennedy_kan1