Logstash Attempted to resurrect connection to dead ES instance, but got an error

hari.v · May 9, 2019, 1:16pm

Hi,

i am getting below error, after enable firewall on the logstash server.

i opened the port 5044 & 9600 on the both elasticsearch and logstash server.

[ERROR][logstash.monitoring.internal pipeline source] Failed to fetch XPack information from Elasticsearch. This is likely due to failure to reach a live Elasticsearch cluster

[2019-05-10T05:12:25,182][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@192.168.136.X:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@192.168.136.X:9200/][Manticore::SocketException] No route to host (Host unreachable)"}
[2019-05-10T05:12:25,214][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@192.168.136.x:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@192.168.136.X:9200/][Manticore::SocketException] No route to host (Host unreachable)"}

can help me, what i did wrong.

Thanks

hari.v · May 9, 2019, 1:22pm

logstash conf file:

input {
 beats {
   port => 5044
 }
}
filter {
if [type] == "syslog" {
    grok {
      match => { "message" => "%{SYSLOGLINE}" }
    }

    date {
match => [ "timestamp", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
  }

}
output {
 elasticsearch {
  hosts => ["http://192.168.136.x:9200", "http://192.168.136.x:9200"]
  user => "elastic"
  password => "elastic"
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
       }
stdout {
    codec => rubydebug
       }
}

Badger · May 9, 2019, 3:33pm

Did you open 9200?

hari.v · May 9, 2019, 4:12pm

yes i opened port 9200 in loagstash server

yaauie · May 9, 2019, 5:26pm

you need to open 9200 on the Elasticsearch host, and ensure that the Logstash host has a route to the Elasticsearch host.

system · June 6, 2019, 5:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.