Hi,
Im using docker-elk with version 6.2.2 on my 16.04 Ubuntu Server with X-Pack.
The issue is when i start my docker containers logstash keeps spamming:
[WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://elastic:xxxxxx@localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
What I've tried:
*I disabled the X-Pack reporting feature in the *.yml files from ELK.
*I queried my elasticsearch locally to see if I am able to access it with the elastic superuser and it worked.
Output from my logstash.conf:
output { if "nessus" in [tags] or [type] == "nessus" { #stdout { codec => rubydebug } elasticsearch { hosts => [ "localhost:9200" ] user => "elastic" password => "xxx" index => "logstash-vulnwhisperer-%{+YYYY.MM}" } } }
logstash.yml:
http.host: "0.0.0.0" path.config: /usr/share/logstash/pipeline xpack.monitoring.enabled: false
elasticsearch.yml:
cluster.name: "docker-cluster" network.host: 0.0.0.0 discovery.type: single-node xpack.monitoring.enabled: false
I'm fighting with this issue for 8 hours now and I couldn't find a fix for this.
Please give me a spark of hope.
Regards