Elastic change ip

nandha_88 · November 13, 2018, 9:34am

Hi Team,

The ELK setup running fine for past 1 years without any issue

I tried to change elasticsearch ip from localhost to the public IP XX:XX:XX:XX but it is unsuccessfull. The logstash is not taking up the new ip

Changes made in the file

kibana.yml #elasticsearch.url: "http://localhost:9200"
elasticsearch.yml #network.host: 192.168.0.1
logstash-sample.yml #hosts => ["http://localhost:9200"]

After changing and restarting the es , kibana started and listen without any issue.
But logstash gives the below error. I am able to telnet and curl xx:xx:xx:xx 9200
without any issue

][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

Magnus_Kessler · November 13, 2018, 10:48am

It appears you've simply commented out elasticsearch.url, network.host and hosts from the relevant config files. This causes the applications to use their defaults. Try putting the actual IP addresses or host names into the configuration.

nandha_88 · November 13, 2018, 11:27am

Hi Magnus

hosts => ["http://localhost:9200"] => hosts => ["http://1XX.16x.xx.xx:9200"]

#network.host: 192.168.0.1 => network.host: 1XX.16x.xx.xx

#elasticsearch.url: "http://localhost:9200" => elasticsearch.url:"http://1XX.16x.xx.xx:9200"

I changed in the above format. IF the above settings is enough, I will do the changes again and restart . Please share if I miss anything ?

Along with the above error add the line

Running health check to see if an Elasticsearch connection is working {:healthcheck_url=localhost:9200, :path=>"/"}

Xpack is not enabled in this system.

Regards
Nandha

Magnus_Kessler · November 20, 2018, 12:23pm

Hi Nandha,

make sure that the # sign is removed from any line that should take effect. I cannot quite tell from your message whether that is the case. The fact that localhost:9200 still appears in the kibana logs, suggests that you still haven't configured the elasticsearch.url correctly.

nandha_88 · November 21, 2018, 4:47pm

Hi Magnus,

Everything seems to set correctly.
Please update where the logstash have the healthcheck url.

Regards
Nandha

nandha_88 · November 26, 2018, 4:49pm

Hi Magnus

logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2018-11-26T22:13:10,761][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://localhost:9200/",

Along the above we should change the elasticsearch url in the file /etc/logstash/conf.d/99-output.conf

This resolved the issue.

REgards
Nandha

system · December 24, 2018, 4:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.