Error in Logstash

Hello Everyone,

I am trying to integrate ELK Stack 5.6.4 in RHEL 7 with ArcSight smartconnector with this link:
https://www.elastic.co/guide/en/logstash/5.6/arcsight-module.html#arcsight-instructions-smartconnector

After completion of integration we are getting this:

[2018-01-23T15:39:30,142][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

[2018-01-23T15:39:30,732][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://logstash_system:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://logstash_system:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

I have installed x-pack in elasticsearch, logstasha and kibana.

Thnks & Regards,
Krunal.

Logstash is trying to connect to localhost:9200. Is that where you're running ES?

i have an ip of elasticsearch and kibana its running on same ip address 192.168.151.134:9200 & 5601

That doesn't really answer my question, but make sure all aspects of Logstash (all elasticsearch outputs and the X-Pack monitoring configuration in logstash.yml) is configured to connect to wherever ES is running.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.