LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://localhost:9200/]

I installed x-pack on elasticsearch, kibana, and logstash.


bootstrap.memory_lock: true
transport.host: localhost
transport.tcp.port: 9300
http.port: 9200
xpack.ssl.keystore.path: certs/elastic-certificates.p12
xpack.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate


server.host: xx.xx.xx.xx
elasticsearch.url: "http://xx.xx.xx.xx:9200/"
elasticsearch.requestTimeout: 90000`
elasticsearch.username: "kibana"
elasticsearch.password: <pwd_generated>


pipeline.workers: 4
pipeline.batch.size: 5
pipeline.batch.delay: 300
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.url: http://xx.xx.xx.xx:9200/
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: <pwd_generated>

Logstash config file:

input { stdin { codec => plain { charset => "ISO-8859-1" } } }

filter { }

output {
  elasticsearch {
        hosts => ["http://xx.xx.xx.xx:9200"]
        user => "elastic"
        password => <modified_pwd>
  stdout { codec => rubydebug }

With this setting, I started elasticsearch, kibana, and logstash. Data was written into the index for about 10 mins and then it starts throwing this error:

[2018-02-05T23:20:02,277][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://localhost:9200/, :path=>"/"}
[2018-02-05T23:20:02,280][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://localhost:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

Any help will be appreciated! Thanks!

1 Like

Hi, I am just guessing since I am not sure what's your real set up, but I am seeing you have these 2 configs. Have you tried to use the IP instead?.

That error looks like it's coming from Logstash monitoring.
Trying configuring xpack.monitoring.elasticsearch.url (as well as .username and .password)

1 Like

i have the same issue.
but my elastic search is on localhost:9200
i creater the itenral user gave it the writter role added it to the .conf
and to the logstash.yml i added the logstash_system which i previously set a password for.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.