Filebeat docker installation connection refused

So I've just embarked on the windy ELK road and as a training ground I thought I'd look into the ease of Docker deployments before I get under the hood and drill down on config specifics. I've installed an ELK docker stack and it works fine.

The trouble I'm having is when I come to install filebeats I get a connection refused. I'm clearly needing to pass the username elastic and default password "changeme" to the docker run setup but for the life of me I can't seem to get this parsed:

root@elk:/home/elk# docker run docker.elastic.co/beats/filebeat:7.5.1 setup -E setup.kibana.host=0.0.0.0:5601 -E output.elasticsearch.hosts=["0.0.0.0:9200"] username="elastic" password="changeme" -v

Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://0.0.0.0:9200: Get http://0.0.0.0:9200: dial tcp 0.0.0.0:9200: connect: connection refused]

If anyone could give me a pointer I'd be most appreciative. I'm sure the answer is staring me in the face but I've gone a little blind.

I'm on the same journey and had the same problem. I'm using CentOS 7. My issue was my host firewall was refusing connections. I added the following rule to the firewall. Note that 172.17.0.0/16 is the default docker network.

rule family="ipv4" source address="172.17.0.0/16" service name="docker" log level="info" audit accept

I reloaded the firewall and successfully installed Filebeat!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.