I have a single node ELK 7 stack and I want Kibana to display Logstash in Monitoring. I enabled X-Pack in /etc/logstash/logstash.yml and restart logstash. I see this in /var/log:
Apr 12 11:21:28 nocptc-elk logstash: [2019-04-12T11:21:28,313][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Elasticsearch Unreachable: [https://logstash_system:xxxxxx@10.XX.XX.222:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
Apr 12 11:21:28 nocptc-elk logstash: [2019-04-12T11:21:28,348][ERROR][logstash.monitoring.internalpipelinesource] Failed to fetch X-Pack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster.
Later on I see this error:
pr 12 11:25:28 nocptc-elk logstash: [2019-04-12T11:25:28,331][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}
That's telling you that it cannot connect. Is elasticsearch running? Verify with "netstat -a | grep 9200" that something is listening to 9200 on that address. If you are binding elasticsearch to 0.0.0.0 then try changing it to the explicit 10.XX.XX.XX address.
Nothing is listening but elasticsearch is running:
[root@elk ~]# netstat -a | grep 9200
[root@elk ~]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2019-04-12 11:18:25 CDT; 59min ago
Docs: http://www.elastic.co
Main PID: 48488 (java)
CGroup: /system.slice/elasticsearch.service
├─48488 /usr/share/elasticsearch/jdk/bin/java -Xms16g -Xmx16g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyO...
└─48586 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Apr 12 11:18:25 xx.com systemd[1]: Started Elasticsearch.
Apr 12 11:18:25xx.com elasticsearch[48488]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 a...release.
Hint: Some lines were ellipsized, use -l to show in full.
Elasticsearch binds to localhost by default, so I am not surprised that 10.x.x.x address does not work. But it should still show up as listening on the port. Is there anything relavent in the elasticsearch logs?
Apr 12 12:51:05 elk logstash: [2019-04-12T12:51:05,909][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.