When I run docker compose up -d all the containers start like they should but my Logstash container is not able to connect to my ES Cluster.
I'm getting the following connection refused error:
[2023-10-11T00:24:55,669][INFO ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused", :exception=>Manticore::SocketException, :cause=>#<Java::OrgApacheHttpConn::HttpHostConnectException: Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused>}
[2023-10-11T00:24:55,670][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://elastic:xxxxxx@localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::SocketException] Connect to localhost:9200 [localhost/127.0.0.1] failed: Connection refused"}
Not sure why I can't get Logstash to connect to my ES Cluster even though I've verified port 9200 is open.
Using localhost means that Logstash will try to connect to an Elasticsearch instance running on the same machine/container, which is not your case since they are on different containers.
You need to use the hostnames of your containers as you did here:
But since you are using https you will have to provide the ca certificate as @stephenb mentioned or set ssl_verification_mode to none in the elasticsearch output.
# Write data to ES
elasticsearch {
hosts => ["https://es01:9200"]
index => "emittr"
user => "elastic"
password => "changeme"
ssl_verification_mode => "none"
}
When I removed hosts es02 and es03 from the hosts list then I was able to successfully write to ES.
When those to 2 hosts were enabled in the config I was getting these authentication errors:
[2023-10-12T17:03:29,405][ERROR][logstash.outputs.elasticsearch][main][f205d11d7a0e48058903e0dfec13d594ff70b14d04a12f6edccae5953aa7ea48] Encountered a retryable error (will retry with exponential backoff) {:code=>401, :url=>"https://es02:9200/_bulk", :content_length=>168, :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [elastic] for REST request [/_bulk]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [elastic] for REST request [/_bulk]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}},\"status\":401}"}
[2023-10-12T17:03:30,611][ERROR][logstash.outputs.elasticsearch][main][f205d11d7a0e48058903e0dfec13d594ff70b14d04a12f6edccae5953aa7ea48] Encountered a retryable error (will retry with exponential backoff) {:code=>401, :url=>"https://es03:9200/_bulk", :content_length=>168, :body=>"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [elastic] for REST request [/_bulk]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [elastic] for REST request [/_bulk]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}},\"status\":401}"}
Fwiw, I had some connection issues when I was initially setting up my docker services as well. I had ended up switching from container names to hosts => ["https://tasks.elasticsearch:9200"] which apparently uses some docker internal networking to reference the container services since I couldn't connect via <service>_app.
If you move past using docker-compose for it and making services of the stack it might be something to try if you have networking issues again.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.