Having trouble getting data to elasticsearch

kmroz · November 13, 2015, 7:39pm

So I am currently using the newest version of the ELK stack and I seem to be getting a few errors in elasticsearch logs and logstash. I have kibana up and running.

Logstash error:
:message=>"Connection failed to initialise", :error=>"Unrecognized SSL message, plaintext connection?", :peer=>"0:0:0:0:0:0:0:1:40864", :level=>:warn}
{:timestamp=>"2015-11-13T16:56:11.026000+0000", :message=>"Failed to install template: waited for [30s]", :level=>:error}

Elasticsearch error:
/logstash-/_mapping/field/ Params: {ignore_unavailable=false, allow_no_indices=false, index=logstash-, include_defaults=true, fields=, _=1447442189003}
[logstash-*] IndexNotFoundException[no such index]
at org.elasticsearch.cluster.metadata.IndexNameExpressionResolver$WildcardExpressionResolver.resolve(IndexNameExpressionResolver.java:630

this i believe is due to issue from logstash.
Any help would be great.
Thanks,
Kenny

magnusbaeck · November 14, 2015, 2:42pm

What does your elasticsearch output configuration in Logstash look like? It looks like you're requiring SSL connections but haven't configured Logstash to use SSL (or vice versa).

kmroz · November 15, 2015, 5:11pm

output {
elasticsearch { host => localhost }
}

I rolled back to the previous versions to see if that was the issue and I'm still receiving the same error.
Also I don't know if this has to do with anything but I realized port 5000 is taken already by another application. Does logstash need to have port 5000 or is it able to run on any other port?

magnusbaeck · November 15, 2015, 7:31pm

Have you configured ES (or a proxy in front of ES) to use HTTPS on port 9200?

Logstash doesn't use port 5000 (or any other port) unless you configure it to do so.