No connection could be made because the target machine actively refused it

I have searched all the other posts on this topic, but none of the other answers seemed to help resolve my problem.

My configuration is pretty simple. It's basically straight out of the documentation.

I have Elasticsearch and Kibana on a Linux server, IP address X.X.X.X.

I have a Windows client with Winlogbeat installed at IP address X.X.X.Y.

Elasticsearch is configured to listen on localhost:9200 as per the install manual.

Winlogbeat is configured to point to Kibana at X.X.X.X:5601 and to Elasticsearch at http://X.X.X.X:9200, and I have added the username and password for a local administrative user.

winlogbeat.yml

setup.kibana:
  host: "X.X.X.X:5601"
  
output.elasticsearch:
  hosts: ["X.X.X.X:9200"]
  username: "admin_some.user"
  password: "xxxxxxxxx"

elasticsearch.yml

network.host: localhost
http.port: 9200

When I run winlogbeat.exe test output, I get the following:

PS C:\Program Files\Winlogbeat> .\winlogbeat.exe test output
elasticsearch: http://elastic-poc.aechelon.com:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 10.0.5.65
    dial up... ERROR dial tcp 10.0.5.65:9200: connectex: No connection could be made because the target machine actively refused it.

I have tried changing the network.host in elasticsearch.yml to the IP address of the server, but whenever I do that elasticsearch refuses to start. I feel like I am missing something fundamental, but I'm not finding what I'm looking for in the documentation.

Any help would be appreciated.

If you set network.host to localhost you won't be able to connect to your Elasticsearch instance from other hosts; you need to set it to the IP address of the server.

Since you said that when you did that Elasticsearch didn't start, you probably have some error in your configuration or are missing some bootstrap checks.

Share your full elasticsearch.yml and the error log when you try to start elasticsearch using the IP address of the server.

When you change network.host you're putting it into production mode. https://www.elastic.co/guide/en/elasticsearch/reference/7.9/bootstrap-checks.html#dev-vs-prod-mode

If you set http.host: 0.0.0.0 I think it will allow you to start in dev mode.

Thank you for jumping in Leandro and Andrew. As it turns out my problem had to do with the fact that my system is not built as a cluster, but is a small, all-in-one system.

Marc54g on Elasticsearch's Slack channel got me pointed in the right direction. I needed to add the line discovery.type: single-node to my elasticsearch.yml file, as well as change the network.host entry to 0.0.0.0.

After that the data just started pouring in. I just needed to walk through setting up the index patterns and voilà! I have data to search!

Thanks again to Leandro and Andrew for stepping in to help, and to everyone who read my request for help as well.
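
The settings discussed in this thread, as an added example (not code from the thread or from Elastic): a small Python check that reads a flat elasticsearch.yml and reports whether HTTP is reachable from other hosts, whether a non-loopback transport bind will enforce the bootstrap checks, and whether the node listens on every interface. The function names and sample configurations are constructed for illustration, and 192.0.2.10 is a placeholder address.

```python
import ipaddress

def parse_flat_yaml(text):
    """Parse the flat 'key: value' subset of YAML used in the thread's elasticsearch.yml."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blank lines
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    if host in ("localhost", "_local_"):              # _local_ is Elasticsearch's loopback alias
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                                  # other hostnames: assume non-loopback

def assess(text):
    s = parse_flat_yaml(text)
    default = s.get("network.host", "localhost")      # loopback is the default bind
    http_host = s.get("http.host", default)           # http.host overrides network.host
    transport_host = s.get("transport.host", default)
    single_node = s.get("discovery.type") == "single-node"
    return {
        # False here is what produces "actively refused" on the Winlogbeat side
        "remote_http": not is_loopback(http_host),
        # production mode: transport on a non-loopback address, no single-node discovery
        "bootstrap_checks_enforced": not is_loopback(transport_host) and not single_node,
        # wildcard bind: port 9200 answers on every interface, so firewall it accordingly
        "all_interfaces": http_host in ("0.0.0.0", "::"),
    }

# Constructed sample configurations mirroring each stage of the thread
ORIGINAL = "network.host: localhost\nhttp.port: 9200\n"
SERVER_IP = "network.host: 192.0.2.10\nhttp.port: 9200\n"
HTTP_ONLY = "http.host: 0.0.0.0\n"
FINAL = "network.host: 0.0.0.0\ndiscovery.type: single-node\nhttp.port: 9200\n"

if __name__ == "__main__":
    for name, cfg in [("original", ORIGINAL), ("server IP", SERVER_IP),
                      ("http.host only", HTTP_ONLY), ("final", FINAL)]:
        print(f"{name:15} {assess(cfg)}")
```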
