Hosts as name instead of IP?

BigAlbert · November 20, 2018, 12:06pm

in my conf file, can I use the Elasticsearch machine "name" instead of IP? tried using
hosts => ["Elasticsearch:9200"] yet failed. notice that I CAN ping Elasticsearch ..

THX -Albert.

Eniqmatic · November 20, 2018, 1:56pm

It should be:

hosts => ["http://elasticsearch:9200"]

BigAlbert · November 21, 2018, 9:27am

aftre implementing the change, log shows
[2018-11-21T09:21:05,477][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>, :added=>[http://:9200/]}}
[2018-11-21T09:21:05,485][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://:9200/, :path=>"/"}
[2018-11-21T09:21:05,597][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://:9200/][Manticore::ClientProtocolException] URI does not specify a valid host name: http:/"}
[2018-11-21T09:21:05,619][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://Master_Elasticsearch:9200"]}
[2018-11-21T09:21:05,788][INFO ][logstash.filters.geoip ] Using geoip database {:path=>"/usr/local/logstash-6.5.0/vendor/bundle/jruby/2.3.0/gems/logstash-filter-geoip-5.0.3-java/vendor/GeoLite2-City.mmdb"}
???

Eniqmatic · November 21, 2018, 9:46am

What version of ES/Logstash are you using?

BigAlbert · November 21, 2018, 9:49am

logstash = 6.5.0
kibana = 6.4.1
elasticsearch = 6.4.1

Eniqmatic · November 21, 2018, 9:51am

Can I see your logstash config file?

BigAlbert · November 21, 2018, 10:02am

input
{
file {
path => "/usr/src/octopus/MyProd-1.0.0.log"
type => "logs"
start_position => "beginning"
}

}

filter
{
grok{
match => {
"message" => "%{COMBINEDAPACHELOG}"
}
}
mutate{
convert => { "bytes" => "integer" }
}
date {
match => [ "timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
locale => en
remove_field => "timestamp"
}
geoip {
source => "clientip"
}
useragent {
source => "agent"
target => "useragent"
}
}

output
{
stdout {
codec => dots
}

elasticsearch {
	hosts => ["172.18.0.5:9200"] --> working
	hosts => ["http://Elasticsearch:9200"] --> Not working
	index => "MyProd"
}

}

Eniqmatic · November 21, 2018, 10:20am

Have you tried with the FQDN? So the domain name at the end of the host name?

BigAlbert · November 21, 2018, 11:12am

Works fine now - Thx

Eniqmatic · November 21, 2018, 11:33am

Glad you got it, please mark the answer as solution if it helped!

system · December 19, 2018, 11:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.