Logstash and Elastisearch doesn't communicate

Elastic Stack Elasticsearch
1

Helloy everyone,

I have installed elasticsearch-1.0.1-1.noarch and
logstash-1.3.3-flatjar.jar. I can't make logstash communicate to
elasticsearch.

In elasticsearch.yml I have set just the cluster name (the rest is the
default configuration). And I have this logstash.conf file (very simple):

input {
file {
type => "linux-syslog"
path => [ "/var/log/messages"]
}
}
output {
elasticsearch {
embedded => false
cluster => "my_cluster"
}
}

Elasticsearch is running and for testing I execute:

java -jar /opt/logstash/logstash-1.3.3-flatjar.jar agent -f
/opt/logstash/logstash.conf

But it doesn't work.

I can see in my_cluster.log these errors:

[2014-02-27 17:34:34,863][WARN ][discovery.zen.ping.multicast] [X-Man]
failed to read requesting data from /192.168.13.17:54328
java.io.IOException: No transport address mapped to [21345]
at
org.elasticsearch.common.transport.TransportAddressSerializers.addressFromStream(TransportAddressSerializers.java:71)
at
org.elasticsearch.cluster.node.DiscoveryNode.readFrom(DiscoveryNode.java:267)
at
org.elasticsearch.cluster.node.DiscoveryNode.readNode(DiscoveryNode.java:257)
at
org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$Receiver.run(MulticastZenPing.java:410)
at java.lang.Thread.run(Thread.java:744)

And in the java execution screen:

log4j, [2014-02-27T17:35:01.851] WARN: org.elasticsearch.discovery:
[Sabreclaw] waited for 30s and no initial state was set by the discovery

I assume they are not connecting each other (nodes with different names,
failing request, no transport...).

Any idea about what is wrong with my elasticsearch + logstash configuration?

Thank you very much in advanced.
Kind regards.

Héctor Moreno Blanco.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/fe368303-bea5-44d3-beed-c543b56be214%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

2

I had a similar issue and the problem was the .conf file in logstash. I had to ensure tcp input type was set to codex => "json"

3

Logstash 1.3.3 is meant to work with Elasticsearch 0.90.9. See "VERSION
NOTE" in Elasticsearch output plugin | Logstash Reference [8.11] | Elastic

On Thu, Feb 27, 2014 at 8:47 AM, Héctor Moreno Blanco <
hector.moreno.blanco@gmail.com> wrote:

Helloy everyone,

I have installed elasticsearch-1.0.1-1.noarch and
logstash-1.3.3-flatjar.jar. I can't make logstash communicate to
elasticsearch.

In elasticsearch.yml I have set just the cluster name (the rest is the
default configuration). And I have this logstash.conf file (very simple):

input {
file {
type => "linux-syslog"
path => [ "/var/log/messages"]
}
}
output {
elasticsearch {
embedded => false
cluster => "my_cluster"
}
}

Elasticsearch is running and for testing I execute:

java -jar /opt/logstash/logstash-1.3.3-flatjar.jar agent -f
/opt/logstash/logstash.conf

But it doesn't work.

I can see in my_cluster.log these errors:

[2014-02-27 17:34:34,863][WARN ][discovery.zen.ping.multicast] [X-Man]
failed to read requesting data from /192.168.13.17:54328
java.io.IOException: No transport address mapped to [21345]
at
org.elasticsearch.common.transport.TransportAddressSerializers.addressFromStream(TransportAddressSerializers.java:71)
at
org.elasticsearch.cluster.node.DiscoveryNode.readFrom(DiscoveryNode.java:267)
at
org.elasticsearch.cluster.node.DiscoveryNode.readNode(DiscoveryNode.java:257)
at
org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$Receiver.run(MulticastZenPing.java:410)
at java.lang.Thread.run(Thread.java:744)

And in the java execution screen:

log4j, [2014-02-27T17:35:01.851] WARN: org.elasticsearch.discovery:
[Sabreclaw] waited for 30s and no initial state was set by the discovery

I assume they are not connecting each other (nodes with different names,
failing request, no transport...).

Any idea about what is wrong with my elasticsearch + logstash
configuration?

Thank you very much in advanced.
Kind regards.

Héctor Moreno Blanco.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/fe368303-bea5-44d3-beed-c543b56be214%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CADa-AwcCq2uJJCX7HDNyvF7Ms0AHzYGE8t6Ws-ZPpVzPdiryvA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

4

You're better off using the elasticsearch_http output.

Regards,
Mark Walkom

Infrastructure Engineer
Campaign Monitor
email: markw@campaignmonitor.com
web: www.campaignmonitor.com

On 28 February 2014 05:16, Sean Clemmer sclemmer@bluejeansnet.com wrote:

Logstash 1.3.3 is meant to work with Elasticsearch 0.90.9. See "VERSION
NOTE" in Elasticsearch output plugin | Logstash Reference [8.11] | Elastic

On Thu, Feb 27, 2014 at 8:47 AM, Héctor Moreno Blanco <
hector.moreno.blanco@gmail.com> wrote:

Helloy everyone,

I have installed elasticsearch-1.0.1-1.noarch and
logstash-1.3.3-flatjar.jar. I can't make logstash communicate to
elasticsearch.

In elasticsearch.yml I have set just the cluster name (the rest is the
default configuration). And I have this logstash.conf file (very simple):

input {
file {
type => "linux-syslog"
path => [ "/var/log/messages"]
}
}
output {
elasticsearch {
embedded => false
cluster => "my_cluster"
}
}

Elasticsearch is running and for testing I execute:

java -jar /opt/logstash/logstash-1.3.3-flatjar.jar agent -f
/opt/logstash/logstash.conf

But it doesn't work.

I can see in my_cluster.log these errors:

[2014-02-27 17:34:34,863][WARN ][discovery.zen.ping.multicast] [X-Man]
failed to read requesting data from /192.168.13.17:54328
java.io.IOException: No transport address mapped to [21345]
at
org.elasticsearch.common.transport.TransportAddressSerializers.addressFromStream(TransportAddressSerializers.java:71)
at
org.elasticsearch.cluster.node.DiscoveryNode.readFrom(DiscoveryNode.java:267)
at
org.elasticsearch.cluster.node.DiscoveryNode.readNode(DiscoveryNode.java:257)
at
org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$Receiver.run(MulticastZenPing.java:410)
at java.lang.Thread.run(Thread.java:744)

And in the java execution screen:

log4j, [2014-02-27T17:35:01.851] WARN: org.elasticsearch.discovery:
[Sabreclaw] waited for 30s and no initial state was set by the discovery

I assume they are not connecting each other (nodes with different names,
failing request, no transport...).

Any idea about what is wrong with my elasticsearch + logstash
configuration?

Thank you very much in advanced.
Kind regards.

Héctor Moreno Blanco.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/fe368303-bea5-44d3-beed-c543b56be214%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/CADa-AwcCq2uJJCX7HDNyvF7Ms0AHzYGE8t6Ws-ZPpVzPdiryvA%40mail.gmail.com
.

For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAEM624ZVW2KvARodBtcLzWocYfB8dt6RGpi0_j4XXetDVC6A1g%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.

5

Logstash 1.4 is due for release soon, and will include support for
Elasticsearch 1.0.x.

On Thursday, February 27, 2014 1:16:37 PM UTC-5, Sean Clemmer wrote:

Logstash 1.3.3 is meant to work with Elasticsearch 0.90.9. See "VERSION
NOTE" in Elasticsearch output plugin | Logstash Reference [8.11] | Elastic

On Thu, Feb 27, 2014 at 8:47 AM, Héctor Moreno Blanco <
hector.mor...@gmail.com <javascript:>> wrote:

Helloy everyone,

I have installed elasticsearch-1.0.1-1.noarch and
logstash-1.3.3-flatjar.jar. I can't make logstash communicate to
elasticsearch.

In elasticsearch.yml I have set just the cluster name (the rest is the
default configuration). And I have this logstash.conf file (very simple):

input {
file {
type => "linux-syslog"
path => [ "/var/log/messages"]
}
}
output {
elasticsearch {
embedded => false
cluster => "my_cluster"
}
}

Elasticsearch is running and for testing I execute:

java -jar /opt/logstash/logstash-1.3.3-flatjar.jar agent -f
/opt/logstash/logstash.conf

But it doesn't work.

I can see in my_cluster.log these errors:

[2014-02-27 17:34:34,863][WARN ][discovery.zen.ping.multicast] [X-Man]
failed to read requesting data from /192.168.13.17:54328
java.io.IOException: No transport address mapped to [21345]
at
org.elasticsearch.common.transport.TransportAddressSerializers.addressFromStream(TransportAddressSerializers.java:71)
at
org.elasticsearch.cluster.node.DiscoveryNode.readFrom(DiscoveryNode.java:267)
at
org.elasticsearch.cluster.node.DiscoveryNode.readNode(DiscoveryNode.java:257)
at
org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$Receiver.run(MulticastZenPing.java:410)
at java.lang.Thread.run(Thread.java:744)

And in the java execution screen:

log4j, [2014-02-27T17:35:01.851] WARN: org.elasticsearch.discovery:
[Sabreclaw] waited for 30s and no initial state was set by the discovery

I assume they are not connecting each other (nodes with different names,
failing request, no transport...).

Any idea about what is wrong with my elasticsearch + logstash
configuration?

Thank you very much in advanced.
Kind regards.

Héctor Moreno Blanco.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/fe368303-bea5-44d3-beed-c543b56be214%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/1a968e11-8493-4d8e-b16d-a1146fc474c5%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

6

If it's not obvious, Mark's comment is exactly what you need to do,

Replace in the logstash output

elasticsearch

with

elasticsearch_http

This and other things you may want to know if you're running the logstash tutorials are included in a wiki I posted
http://en.opensuse.org/User:Tsu2/elasticsearch_1.0

Tony

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/2f6ffea0-8720-4f39-885c-49161f487902%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

7

Hello everybody,

Thank you for the help and advices.
I think I'll try first the change of versions. When it works, I'll give
elasticsearch_http a try.

thank you very much.
Kind regards.

Héctor Moreno
El 28/02/2014 16:17, "Tony Su" tonysu999@gmail.com escribió:

If it's not obvious, Mark's comment is exactly what you need to do,

Replace in the logstash output

elasticsearch

with

elasticsearch_http

This and other things you may want to know if you're running the logstash
tutorials are included in a wiki I posted
User:Tsu2/elasticsearch 1.0 - openSUSE Wiki

Tony

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/UqwUXHZQ7Hk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/2f6ffea0-8720-4f39-885c-49161f487902%40googlegroups.com
.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAD4-sc_e1fPdgnO7eGzX%3DCFfb%2BVYa%2BQcUKKUbFX74m6vEGcOcA%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.