Filebeat Docker - Elasticsearch Host Issue

Elastic Stack Beats
,
1

Hello Everyone! I'm trying to run Filebeat in a Docker Container folowing this documentation: https://www.elastic.co/guide/en/beats/filebeat/current/running-on-docker.html#_run_the_filebeat_setup but in the second step, when I run the folowing comand:

docker run \
--net=elastic docker.elastic.co/beats/filebeat:7.17.4 \
setup -E setup.kibana.host=0.0.0.0:5601 \
-E output.elasticsearch.hosts=["https://0.0.0.0:9200"]

I recieve this error:

Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://0.0.0.0:9200: Get "https://0.0.0.0:9200": dial tcp 0.0.0.0:9200: connect: connection refused]

My Elasticsearch are already running in Docker and these are my hosts (by docker ps):

  • Elasticsearch: 0.0.0.0:9200
  • Kibana: 0.0.0.0:5061

Does anyone know the reason for this error?

2

Hi @mwsprotte Welcome to the community!

Docker Networking Issue not Elastic...

Another explanation

Might be worth reading... if you are new to docker

try using

host.docker.internal

docker run \
--net=elastic docker.elastic.co/beats/filebeat:7.17.4 \
setup -E setup.kibana.host=host.docker.internal:5601 \
-E output.elasticsearch.hosts=["https://host.docker.internal:9200"]
1 Like
3

Hi, @stephenb
Using 'host.docker.internal' worked for me, thanks for this tip and the references!! :smiley:

4

Hello @stephenb

I also received a similar error.

</ docker run \

docker.elastic.co/beats/filebeat:8.5.2
setup -E setup.kibana.host=172.18.0.3.0:5601
-E output.elasticsearch.hosts=["172.18.0.2:9200"]

Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://172.18.0.2:9200: Get "http://172.18.0.2:9200": context deadline exceeded] >

AND

</ Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://192.168.1.6:9200: Get "https://192.168.1.6:9200": x509: certificate signed by unknown authority] >

I tried the above method but didn't work.

5

Hello, @AnkurYogi
I already had have this error. I solved this adding the line

-E output.elasticsearch.ssl.verification_mode="none"

This makes skip the SSL verification.

6 
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: true
    reload.period: 10s

filebeat.modules:
- module: checkpoint
  firewall:
    var.syslog_host: 0.0.0.0
    var.syslog_port: 9001
filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true
filebeat.inputs:
- type: filestream
  enabled: true
  paths:
    - /var/log/*.log
processors:
- add_cloud_metadata: ~

output.elasticsearch:
  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}'

This is my filebeat.docker.yml
But the problem here is the 9001 port isn't listening on the local server to receive the logs.
Any hint on why the udp port isn't running ?

7

This is a docker item... you need to map the port see here

something like add -p 9001:9001

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.