Logstrash is not connection to Elasticsearch

Yolanda_Goncalves · August 10, 2018, 2:24pm

I'm getting the follow error while trying to create a new index at elasticsearch.

[root@wazuh-server logstash]# bin/logstash -f /usr/share/logstash/logstashnessus.config
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[WARN ] 2018-08-09 10:44:05.417 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2018-08-09 10:44:07.114 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.3.1"}
[INFO ] 2018-08-09 10:44:11.903 [Converge PipelineAction::Create] pipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>1, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[INFO ] 2018-08-09 10:44:12.987 [[main]-pipeline-manager] elasticsearch - Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://192.168.56.102:9200/]}}
[INFO ] 2018-08-09 10:44:13.087 [[main]-pipeline-manager] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:13.442 [[main]-pipeline-manager] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[INFO ] 2018-08-09 10:44:13.541 [[main]-pipeline-manager] elasticsearch - New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//192.168.56.102:9200"]}
[INFO ] 2018-08-09 10:44:14.529 [Converge PipelineAction::Create] pipeline - Pipeline started successfully {:pipeline_id=>"main", :thread=>"#<Thread:0x1436171 sleep>"}
[INFO ] 2018-08-09 10:44:14.697 [Ruby-0-Thread-1: /usr/share/logstash/lib/bootstrap/environment.rb:6] agent - Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[INFO ] 2018-08-09 10:44:15.777 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2018-08-09 10:44:18.544 [Ruby-0-Thread-4: :1] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:18.574 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[INFO ] 2018-08-09 10:44:23.618 [Ruby-0-Thread-4: :1] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:23.626 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[INFO ] 2018-08-09 10:44:28.669 [Ruby-0-Thread-4: :1] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:28.672 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[INFO ] 2018-08-09 10:44:33.718 [Ruby-0-Thread-4: :1] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:33.722 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[INFO ] 2018-08-09 10:44:38.768 [Ruby-0-Thread-4: :1] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:38.774 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
[INFO ] 2018-08-09 10:44:43.828 [Ruby-0-Thread-4: :1] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:43.831 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}
^C[WARN ] 2018-08-09 10:44:45.347 [SIGINT handler] runner - SIGINT received. Shutting down.
[INFO ] 2018-08-09 10:44:48.899 [Ruby-0-Thread-4: :1] elasticsearch - Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://192.168.56.102:9200/, :path=>"/"}
[WARN ] 2018-08-09 10:44:48.903 [Ruby-0-Thread-4: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://192.168.56.102:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [http://192.168.56.102:9200/][Manticore::SocketException] Connection refused (Connection refused)"}

Can someone please help me?

magnusbaeck · August 10, 2018, 2:44pm

Logstash can't connect to 192.168.56.102:9200. Is that where Elasticsearch should be running? Is it running? Is there a firewall blocking the access? Make sure curl 192.168.56.102:9200 works on the Logstash host.

system · September 7, 2018, 2:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.