"Failed to connect" error

g.myznikov.tinkoff · August 13, 2018, 1:35pm

Hello!
I've used ELK stack with filebeat on docker. There are my config file.
elasticsearch.yml:

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0

kibana.yml:

server.port: 5601
server.host: "127.0.0.1"
xpack.security.enabled: false
xpack.reporting.encryptionKey: "smth"
elasticsearch.username: "user1"
elasticsearch.password: "smth"

logstashpipeline.yml:

input {
  beats {
    port => [5044]
  }
}
output {
  elasticsearch {
    hosts => "127.0.0.1:9200"
    index => "docker-one"
    manage_template => false
  }
}

filebeat.yml:

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /testvar/*log
    - /testvar/**/*log

output.elasticsearch:
  hosts: ["127.0.0.1:9200"]

setup.kibana:
  host: "127.0.0.1:5601"

When I' ve run docker by command

docker run -it --user=root -v /dockerfilebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /var/log:/testvar docker.elastic.co/beats/filebeat:6.3.1

I've got errors like:

2018-08-13T13:33:04.376Z	ERROR	pipeline/output.go:74	Failed to connect: dial tcp 127.0.0.1:5044: getsockopt: connection refused

How can I escape this problem?

kvch · August 13, 2018, 3:51pm

What is your full setup with all config files and debug logs? In your filebeat.yml I can see that you are sending events to Elasticsearch. However, in your Logstash config you are expecting events from Beats. Also, the error message you shared says that you are trying to connect to port 5044 which is the "default Logstash" port. But I can't see anything about sending events to Logstash in your Beats config. Are you sure these are the config files you are actually running?

g.myznikov.tinkoff · August 14, 2018, 8:00am

I've made a mistake. Actually my filebeat.yml is same exept output:

output.logstash:
  hosts: ["127.0.0.1:5044"]

kvch · August 14, 2018, 8:15am

Are you sure Logstash is running and reachable by Filebeat? Have you checked these contitions? https://www.elastic.co/guide/en/beats/filebeat/current/faq.html#connection-problem

g.myznikov.tinkoff · August 14, 2018, 9:15am

I've just checked my ports:

root@user-VirtualBox:~# telnet 127.0.0.1 5044
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.

Situation is same for 5601(Kibana) and 9200 (ElasticSearch)

kvch · August 14, 2018, 9:25am

Could you share the debug logs of Logstash and Beats?

kvch · August 14, 2018, 11:49am

Are ES, LS and FB in the same Docker image? If not have you exposed the correct ports?

g.myznikov.tinkoff · August 14, 2018, 12:05pm

No, ES and LS installed on the Ubuntu 16.04 on virtual machine. And Docker started by docker image. I don't expose any ports for this image.

kvch · August 14, 2018, 2:06pm

Could you tell me more about the setup? Are LS and ES on the same VM? Is Filebeat hosted on a separate VM?

g.myznikov.tinkoff · August 14, 2018, 3:29pm

Of course. LS and ES work on the same VM. On that machine I starting Docker image of FB.

kvch · August 15, 2018, 3:40pm

Have you configured the networking of the container to make sure you can reach the localhost of the host machine? To me it seems like a Docker issue, not ELKB problem.

After searching on the internet, I discovered this question on SO: https://stackoverflow.com/questions/24319662/from-inside-of-a-docker-container-how-do-i-connect-to-the-localhost-of-the-mach According to the solution here, you need to add --net=host to the docker command you run. This lets your container to connect to the host's localhost.

system · September 12, 2018, 3:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.