Logstash join to ES error

Tade · February 12, 2018, 3:05pm

HI,
logstash cant join to elasticsearch. How i can fix it?

[2018-02-11T23:59:17,488][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.201.30:9200/, :path=>"/"}

[2018-02-11T23:59:17,491][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.201.30:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::P$

etc/logstash/conf.d:

input {
 file {
  path => "/var/log/test.log"
  start_position => "beginning"
}
  udp {
    host => "192.168.201.30"
    port => "10514"
    codec => "json"
    type => "rsyslog"
  }
}
filter {}
output {
index => "new"
  if [type] == "rsyslog" {
    elasticsearch {
      hosts => ["192.168.201.30:9200"]
    }
  }
}

Thanks

_Alex · February 12, 2018, 3:27pm

Have you recently installed X-Pack? I had this problem until I added the below lines to logstash.yml:

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: http://192.168.201.30:9200

Tade · February 12, 2018, 3:34pm

Hi, x-pack isnt installed on server.

Jon_D · February 12, 2018, 3:52pm

Is Logstash running on the same machine as Elasticsearch? I'd suggest you check if Elasticsearch is listening, for example by using curl -XGET "192.168.201.30:9200/". This should return basic information about your Elasticsearch node running on that address and the cluster it belongs to.

Tade · February 13, 2018, 7:18am

Yes, logstash i running on same machine as ES.
Command curl work:

{
  "name" : "syslogSTORE",
  "cluster_name" : "syslog",
  "cluster_uuid" : "x63VkzfJTtSndsx4v7ucEg",
  "version" : {
    "number" : "5.6.7",
    "build_hash" : "4669214",
    "build_date" : "2018-01-25T21:14:50.776Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}
cadmin@syslog:~$

Jon_D · February 13, 2018, 7:24am

Can you telnet to this machine on 192.168.201.30 port 9200 from another machine in the same network?

Tade · February 13, 2018, 7:38am

Yes, telnet is working from another machine.

Jon_D · February 13, 2018, 9:14am

Can you remove this from the pipeline config or put it inside the elasticsearch {} output?

system · March 13, 2018, 9:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.