Logstash not allowed to talk with elasticsearch (Manticore::SocketException]

Hi,

Im using docker-elk with version 6.2.2 on my 16.04 Ubuntu Server with X-Pack.
The issue is when i start my docker containers logstash keeps spamming:

[WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

What I've tried:
*I disabled the X-Pack reporting feature in the *.yml files from ELK.
*I queried my elasticsearch locally to see if I am able to access it with the elastic superuser and it worked.

Output from my logstash.conf:
output { if "nessus" in [tags] or [type] == "nessus" { #stdout { codec => rubydebug } elasticsearch { hosts => [ "localhost:9200" ] user => "elastic" password => "xxx" index => "logstash-vulnwhisperer-%{+YYYY.MM}" } } }

logstash.yml:
http.host: "0.0.0.0" path.config: /usr/share/logstash/pipeline xpack.monitoring.enabled: false

elasticsearch.yml:
cluster.name: "docker-cluster" network.host: 0.0.0.0 discovery.type: single-node xpack.monitoring.enabled: false

I'm fighting with this issue for 8 hours now and I couldn't find a fix for this.
Please give me a spark of hope.

Regards

1 Like

Solved the issue. Instead of "localhost" in logstash.conf I typed the name of the docker container who he is speaking to.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.