I have just installed a new ELK 5.0 Server on Ubuntu 15.04. Kibana/Elasticsearch/Logstash 5.0
I am able to login to Kibana and for a few minutes I saw some logs coming in but then they stopped. At the moment it's only really getting it's own logs.
I installed topbeat/filebeat/metricbeat and configured it to send to Elasticsearch and Logstash. Perhaps I made a mistake in the topbeat/filebeat/metribeat.yml files as when I run this:
Metribeat is running just fine but I am not sure if I configured it correctly. Also since I am setting the output to Elasticsearch do I don't need to also set the output to Logstash correct? This is a stand alone server that has all ELK installed. I imported the Dashboards which don't works 'cause there is no logs.
I keep seeing this in /var/log/metricbeat
Also Logstash is installed but I get these errors in /var/log/logstash:
[2016-10-26T17:47:09,514][WARN ][logstash.outputs.elasticsearch] UNEXPECTED POOL ERROR {:e=>#<LogStash::Outputs::ElasticSearch::HttpClient::Pool::NoConnectionAvailableError: No Available connections>}
You normally only want to enable either the Elasticsearch or the Logstash output, but not both. So for Metricbeat, just enable the elasticsearch output to localhost:9200 to get started. If you running ES on the same machine then you should be able to just use the default Metricbeat configuration.
I removed filebeat and topbeat so that I can just make metricbeat work, I dpkg it, it shows in /etc/metricbeat/ and I edited the metricbeat.yml to point to itself. I then start metricbeat which starts ok, no errors and then I run this and I get no hits so kibana has nothing
elk@kibana:/etc/metricbeat$ sudo service metricbeat status
metricbeat.service - LSB: Sends metrics to Elasticsearch.
Loaded: loaded (/etc/init.d/metricbeat)
Active: active (exited) since Thu 2016-10-27 10:17:49 PDT; 32s ago
Docs: man:systemd-sysv-generator(8)
Process: 24091 ExecStart=/etc/init.d/metricbeat start (code=exited, status=0/SUCCESS)
Main PID: 23918 (code=exited, status=203/EXEC)
CGroup: /system.slice/metricbeat.service
Oct 27 10:17:49 kibana systemd[1]: Starting LSB: Sends metrics to Elasticsearch....
Oct 27 10:17:49 kibana systemd[1]: Started LSB: Sends metrics to Elasticsearch..
Oh and I tried setting up metricbeat on another CentOS box, pointing to my ELK server but I keep getting a"Connection refused" when I try to to test Metricbeat so this might explain also why I can't get any metricbeats to the ELK server itself.
I removed metricbeat package as well, I re-configured it again and this time it worked : S
Maybe when I tried to configure all the other beats something happened? Ok so the ELK server itself is working just fine but.... now the other server(s) can't send logs to my ELK server. I keep seeing that error: "curl: (7) Failed to connect to kibana.domain.com:9200; Connection refused
Again, the ELK server (kibana) has the Firewall Disabled. I'm able to ping the ELK server from that other box but can't send metric logs to it. Any idea?
Based on netstat, your ES server is only listening on localhost so you won't be able to connect to 9200 from a remote host.
You need to configure Elasticsearch to listen on something other than loopback. Set the network.host option in the /etc/elasticsearch/elasticsearch.yml file. This will trigger the bootstrap checks if you are using 5.0.
Thanks! I appreciate your help, I originally changed it to network.host IP.of.ELK but that just basically crashed ElasticSearch all together. Changed it to 0.0.0.0 and it worked like a charm.
Thanks for helping me out Andrew! Couldn't have done it without you
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.