Logstash unable to reach Elasticsearch

Elastic Stack Logstash
, , ,
1

Hi All,

I am new to elastic stack and set it up on two instances on AWS. My main objective of this demonstration is to show that we can forward the application/machine logs to kibana dashboard.

  1. One EC2 instance is running two docker containers one each for Elasticsearch & Kibana. Both containers are connected to each other which I had verified.

  2. Another EC2 instance is running Logstash container. I have one application which is constantly generating logs on this host. Note that this application is not running inside any container.

Basically my logstash.conf looks something like below.

input {
file {
path => "/var/log/logify/app.log"
start_position => "beginning"
}
}
filter {
if [message] =~ /^{.}$/ {
json {
source => "message"
}
}
mutate {
remove_field => ["event", "message", "emailAddress"]
add_field => { "env" => "development" }
}
}
output {
elasticsearch {
hosts => ["https://:9200"]
index => "my-index"
ssl_verification_mode => "none"
user=> "elastic"
password=> "1tA0JWcRNL0d*lE9S4Kh"
}
}

Even though the Elasticsearch configuration looks okay but it shows below error. It says Elasticsearch host not reachable by logstash, can anyone please guide ?

[2025-09-10T18:19:54,694][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"No Available connections", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::NoConnectionAvailableError}
[2025-09-10T18:19:54,695][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}
[2025-09-10T18:20:24,695][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"No Available connections", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::NoConnectionAvailableError}
[2025-09-10T18:20:24,695][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}
[2025-09-10T18:20:24,703][INFO ][logstash.licensechecker.licensereader] Failed to perform request {:message=>"elasticsearch: Name or service not known", :exception=>Manticore::ResolutionFailure, :cause=>#<Java::JavaNet::UnknownHostException: elasticsearch: Name or service not known>}
[2025-09-10T18:20:24,703][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elasticsearch:9200/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/\\][Manticore::ResolutionFailure] elasticsearch: Name or service not known"}
[2025-09-10T18:20:54,694][ERROR][logstash.licensechecker.licensereader] Unable to retrieve Elasticsearch cluster info. {:message=>"No Available connections", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::NoConnectionAvailableError}
[2025-09-10T18:20:54,697][ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"No Available connections"}
[2025-09-10T18:20:54,719][INFO ][logstash.licensechecker.licensereader] Failed to perform request {:message=>"elasticsearch: Name or service not known", :exception=>Manticore::ResolutionFailure, :cause=>#<Java::JavaNet::UnknownHostException: elasticsearch: Name or service not known>}
[2025-09-10T18:20:54,719][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elasticsearch:9200/", :exception=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/\\][Manticore::ResolutionFailure] elasticsearch: Name or service not known"}

2

What is the hosts configuration? If your Logstash is running on a Container on a different VM from your Elasticsearch container, your hosts configuration should reflect that and point to the IP address of the VM running the Elasticsearch container.

This is more a network issue than an Logstash/Elasticsearch issue.

3

I did mention that in the hosts part of the Logstash configuration. I just removed the IP address from below line. Is there anything else which I need to modify, can you give example please ?

hosts => ["https://:9200"]

4

Where? I could not find any mention on your original post, so it is not clear what is the IP you are using.

For example, iff your Elasticsearch container is running on a VM with the ip 10.0.0.1 and your Logstash container is running on a VM with the IP 10.0.0.2, then your Logstash configuration should point to the IP of the Elasticsearch VM.

hosts => ["https://10.0.0.1:9200"]

You also needs to make sure that the port of your Elasticsearch container is exposed and accessible on the 10.0.0.1 IP Address, and the the Logstash machine can connect to it.

As mentioned, this is a network issue.

Can you share your docker compose files for each VM?

5

Yeah I think it’s a network issue only. Because I was correctly mentioning my container IP address with port 9200 in logstash.conf file.

And for now I am not using docker compose template just trying to get this with docker commands. Do you want me to share these ?