Telnet 192.168.112.199 9200 connection refused

We'd like to collect IIS logs on Windows. Logstash and Elasticsearch are both installed on Linux (192.168.112.199). The following commands failed on Windows:

  1. telnet 192.168.112.199 9200 -> connection refused
  2. ./filebeat -e -c filebeat.yml -d "publish"
    2017/08/04 14:32:50.472924 metrics.go:34: INFO No non-zero metrics in the last 30s
    2017/08/04 14:32:52.905044 single.go:140: ERR Connecting error publishing events (retrying): Get http://192.168.112.199:9200: dial tcp 192.168.112.199:9200: connectex: No connection could be made because the target machine actively refused it.

filebeat.yml:

    output.elasticsearch:
      # Array of hosts to connect to.
      hosts: ["192.168.112.199:9200"]


BTW: Filebeat installed on the same Linux server has no problem at all:

    output.elasticsearch:
      # Array of hosts to connect to.
      hosts: ["localhost:9200"]

Well, either nothing is running on 192.168.112.199:9200 or there's a firewall blocking the access. Focus your attention on 192.168.112.199 first. Is ES running? Is it listening on the 192.168.112.199 interface? And so on. Until telnet 192.168.112.199 9200 works this is more of an Elasticsearch question.

On my 192.168.112.199, netstat -anp|grep 9200 works, and I can also telnet 192.168.112.199 5043 from my Windows machine. What does this mean in your previous answer? "Is it listening on the 192.168.112.199 interface?"

    mysqlmove@164mysqlmove:~$ netstat -anp|grep 9200
    (Not all processes could be identified, non-owned process info
    will not be shown, you would have to be root to see it all.)
    tcp6 0 0 127.0.0.1:9200 :::* LISTEN 19901/java
    tcp6 0 0 ::1:9200 :::* LISTEN 19901/java
    tcp6 1 0 127.0.0.1:50810 127.0.0.1:9200 CLOSE_WAIT 29868/java
    mysqlmove@164mysqlmove:~$ netstat -anp|grep 5043
    (Not all processes could be identified, non-owned process info
    will not be shown, you would have to be root to see it all.)
    tcp6 0 0 :::5043 :::* LISTEN 29868/java

    tcp6 0 0 127.0.0.1:9200 :::* LISTEN 19901/java
    tcp6 0 0 ::1:9200 :::* LISTEN 19901/java

ES is only listening on the loopback interface, which is the default. IIRC the network.host setting must be updated. See the docs.
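
The netstat reading made in the answer above, as an added example that is not part of the original thread: a POSIX shell function (the name `listen_scope` is hypothetical) that reports whether a port is bound to loopback only, to a specific address, or to all interfaces. The first sample's rows are copied from the netstat output posted in the thread; the second sample is constructed.

```sh
#!/bin/sh
# Added example: classify where a TCP port is LISTENing, from `netstat -an` output on stdin.
# Prints: not-listening | loopback-only | specific:<addr[,addr]> | all-interfaces
# listen_scope is a hypothetical helper name, not part of netstat or Elasticsearch.
listen_scope() {
    awk -v port="$1" '
        # Only listening TCP sockets count; a CLOSE_WAIT row that merely
        # mentions the port (as in the thread) is a client connection.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")            # port is the text after the last colon
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "*")
                wild = 1
            else if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
                loop = 1
            else
                specific = specific (specific == "" ? "" : ",") addr
        }
        END {
            if (wild)                print "all-interfaces"
            else if (specific != "") print "specific:" specific
            else if (loop)           print "loopback-only"
            else                     print "not-listening"
        }'
}

# Rows copied from the netstat output posted in the thread (server 192.168.112.199).
THREAD_SAMPLE='(Not all processes could be identified, non-owned process info
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 19901/java
tcp6 0 0 ::1:9200 :::* LISTEN 19901/java
tcp6 1 0 127.0.0.1:50810 127.0.0.1:9200 CLOSE_WAIT 29868/java
tcp6 0 0 :::5043 :::* LISTEN 29868/java'
# Constructed row: the same service bound to the server LAN address only.
BOUND_SAMPLE='tcp 0 0 192.168.112.199:9200 0.0.0.0:* LISTEN 19901/java'

for p in 9200 5043; do
    printf '%s -> %s\n' "$p" "$(printf '%s\n' "$THREAD_SAMPLE" | listen_scope "$p")"
done
printf 'bound -> %s\n' "$(printf '%s\n' "$BOUND_SAMPLE" | listen_scope 9200)"
```

On the server, `netstat -an | listen_scope 9200` gives the same classification for the live socket table. An `all-interfaces` result means the port answers on every address the host has, so the host firewall decides who can reach it.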

Adding "network.host: 0.0.0.0" in elasticsearch.yml and starting Elasticsearch failed -> max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536] -> then we added two system parameters:

    ulimit -n 65536
    sysctl -w vm.max_map_count=262144

It worked like a charm.
Thanks
