After setting up everything. suddenly logstash just keep trying to connect to 127.0.0.1
my ES is running on IP address
[2018-09-26T16:09:48,981][INFO ][logstash.pipeline ] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>4, "pipeline.batch.size"=>256, "pipeline.batch.delay"=>50}
[2018-09-26T16:09:49,505][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://10.29.248.229:9200/]}}
[2018-09-26T16:09:49,505][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://127.0.0.1:9200/]}}
[2018-09-26T16:09:49,517][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://127.0.0.1:9200/, :path=>"/"}
[2018-09-26T16:09:49,519][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://10.29.248.229:9200/, :path=>"/"}
[2018-09-26T16:09:49,720][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://127.0.0.1:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://127.0.0.1:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[2018-09-26T16:09:49,737][WARN ][logstash.outputs.elasticsearch] Restored connection to ES instance {:url=>"http://10.29.248.229:9200/"}
[2018-09-26T16:09:49,752][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//127.0.0.1"]}
[2018-09-26T16:09:49,825][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>6}
[2018-09-26T16:09:49,832][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2018-09-26T16:09:49,838][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://10.29.248.229:9200"]}
[2018-09-26T16:09:50,057][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://10.29.248.229:9200/]}}
[2018-09-26T16:09:50,058][INFO ][logstash.licensechecker.licensereader] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://10.29.248.229:9200/, :path=>"/"}
[2018-09-26T16:09:50,063][WARN ][logstash.licensechecker.licensereader] Restored connection to ES instance {:url=>"http://10.29.248.229:9200/"}
[2018-09-26T16:09:50,069][INFO ][logstash.licensechecker.licensereader] ES Output version determined {:es_version=>6}
[2018-09-26T16:09:50,069][WARN ][logstash.licensechecker.licensereader] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2018-09-26T16:09:50,125][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x65177419 run>"}
[2018-09-26T16:09:50,296][INFO ][logstash.pipeline ] Pipeline started successfully {:pipeline_id=>".monitoring-logstash", :thread=>"#<Thread:0x3353a003@/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:46 sleep>"}
[2018-09-26T16:09:50,357][INFO ][logstash.agent ] Pipelines running {:count=>2, :running_pipelines=>[:main, :".monitoring-logstash"], :non_running_pipelines=>[]}
[2018-09-26T16:09:50,379][INFO ][logstash.inputs.metrics ] Monitoring License OK
[2018-09-26T16:09:51,075][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2018-09-26T16:09:54,739][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://127.0.0.1:9200/, :path=>"/"}
why it is keep going to 127.0.0.1
where is that configure? I try to look for all dir and see if there is any default one going there.