and removed any remnants of x-pack
899 sudo /usr/share/elasticsearch/bin/elasticsearch-plugin remove x-pack
900 sudo /usr/share/logstash/bin/logstash-plugin remove x-pack
and restarted all three components
but I'm still getting the errors -
[2017-10-03T15:17:45,045][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://10.x.x.x:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://10.x.x.x:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
My thought is , from the security point of view, not exposing elasticsearch to directly local network or other networks are better because you could prevent any unexpected access from other network nodes.
However, if you are setting up a production environment, you might have to setup dedicated server only for elasticsearch to assure performance. In that case, you have couple of choices to secure elasticsearch.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.