Metricbeats using port 9243 instead of 443

Using elastic cloud I am trying to connect metricbeats with the provided

I'm seeing this in the logs

{"log.level":"info","@timestamp":"2022-03-25T05:56:18.524Z","log.logger":"publisher_pipeline_output","log.origin":{"":"pipeline/client_worker.go","file.line":141},"message":"Attempting to reconnect to backoff(elasticsearch(https://{elastic_url} with 250 reconnect attempt(s)","":"metricbeat","ecs.version":"1.6.0"}

The docs here state that it should be using 443 by default.

The base64 encoded found in the Elasticsearch Service web console does not explicitly specify a port. This means that Metricbeat will default to using port 443 when using, not the commonly configured cloud endpoint port 9243.

Any idea why 9243 would be showing up in the logs if 443 should be used by default?

Using with a pretty simple metricbeat.yml

  id: ${CLOUDID}
  auth: ${CLOUDAUTH}
- module: vsphere
  enabled: true
  metricsets: ["datastore", "host", "virtualmachine"]
  period: 10s
  hosts: [""]
  username: ${USERNAME}
  password: ${PASSWORD}
  # If insecure is true, don't verify the server's certificate chain
  insecure: true
  # Get custom fields when using virtualmachine metric set. Default false.
  # get_custom_fields: false

It could be due to using an 'older' that still has port 9243 as part of it. You should base64 decode the part of the to confirm the URL does not have a port specified.

If it does, you could regenerate a new version of the that either excludes the port (9243) or explicitly specifies 443.

That was exactly the issue. Thanks for the help! I didn't see the :9243 embedded in there before.

Do you have information on how to generate a new cloud id? Does that require a new deployment? Not finding anything in the documentation.

It does not require a new deployment. Take the decoded portion and edit it as you want (replace 9243 with 443 or completely remove :9243) and just base64 encode it again. The format of the Cloud ID is the deployment name, a colon and then the encoded portion is the Cloud Provider/Region domain (with optional port number), Elasticsearch Cluster ID and Kibana ID separated by '$' characters.

Example - replace vars with your values and if you want the port or not:

echo -n '{cloud_domain}{:optional_port}${es_id}${kibana_id}' | base64
  • Make sure to use the '-n' option for the echo command so as to not encode any CR/LF chars as part of new you are generating.

Once you have that, prepend the same deployment name from your current with a colon to this new version and use this in your configuration.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.