Logstash sending its metric data to elasticsearch on localhost instead of the configured host

Hello

I am trying to configure x-pack monitoring for logstash, but it is not working as expected.

As a test, I am using user elastic instead of logstash_writer as written in the doc.

I see the error log below in logstash-plain.log.

[2017-04-13T08:47:20,683][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://elastic:xxxxxx@localhost:9200/, :path=>"/"}
[2017-04-13T08:47:20,686][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>#<URI::HTTP:0x2e61437e URL:http://elastic:xxxxxx@localhost:9200/_xpack/monitoring/?system_id=logstash&system_api_version=2&interval=1s>, :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@localhost:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[2017-04-13T08:47:20,733][WARN ][logstash.outputs.elasticsearch] Marking url as dead. Last error: [LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError] Elasticsearch Unreachable: [http://elastic:xxxxxx@localhost:9200/_xpack/monitoring/?system_id=logstash&system_api_version=2&interval=1s][Manticore::SocketException] Connection refused (Connection refused) {:url=>http://elastic:xxxxxx@localhost:9200/_xpack/monitoring/?system_id=logstash&system_api_version=2&interval=1s, :error_message=>"Elasticsearch Unreachable: [http://elastic:xxxxxx@localhost:9200/_xpack/monitoring/?system_id=logstash&system_api_version=2&interval=1s][Manticore::SocketException] Connection refused (Connection refused)", :error_class=>"LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError"}

I have configured my output filter as below.

[root@host ~]# cat /etc/logstash/conf.d/00_output_file.conf
output {
  elasticsearch {
    hosts     => ["192.168.11.13"]
    user      => "elastic"
    password  => "changeme"
  }
}

Below is a snippet from logstash.yml

# ------------ Debugging Settings --------------
#
# Options for log.level:
#   * fatal
#   * error
#   * warn
#   * info (default)
#   * debug
#   * trace
#
# log.level: info
path.logs: /var/log/logstash
#
# ------------ Other Settings --------------
#
# Where to find custom plugins
# path.plugins: []

xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: changeme

I expect both my events from filebeat and the monitoring data to be sent to elasticsearch, but it seems that data are sent to localhost elasticsearch.

Is there any other setting which I need to be aware of to send data to elasticsearch on 192.168.11.13?

I found the proper way to configure the logstash.yml for logstash(x-pack) here
