Transport.go 125 SSL client failed to connect with dial tcp <IP:Address of ELK>5044 getsockopt connection refused

Hi Team,
The filebeat seems to be running, but giving the following error.
transport.go:125: SSL client failed to connect with: dial tcp <IP address where elastic search, logstash and kibana are hosted>: getsockopt: connection refused

All the services in ELK are running

@Vishnu_Murty I have a few questions to help debug that issue.

  • Can you include your filebeat configuration in this thread?
  • I believe you are using the elasticsearch output in the filebeat configuration. If so, can you do a web request to the elasticsearch API from the filebeat machine?
curl "http://remoteip:9200"

curl "http://xx.xx.xx.xx:9200"

curl: (7) Failed connect to xx.xx.xx.x:9200; Connection refused

The above is the error which I receive when I execute curl "http://xx.xx.xx.xx:9200"

This should have https not http

curl "https://remoteip:9200"

Is Elasticsearch listening on the right IP address? By default it answers to localhost.
Did you set these options?

#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.

---------------------------------- Network -----------------------------------

Set the bind address to a specific IP (IPv4 or IPv6):

network.host: localhost

Set a custom port for HTTP:

http.port: 9200

For more information, see the documentation at:

<http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html>

--------------------------------- Discovery ----------------------------------

Pass an initial list of hosts to perform discovery when new node is started:

The default list of hosts is ["127.0.0.1", "[::1]"]

root@ELK-Stack-Log-ubuntu:/etc/elasticsearch# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-08-03 10:33:34 UTC; 1 months 9 days ago
Docs: http://www.elastic.co
Process: 1888 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
Main PID: 1892 (java)
Tasks: 52
Memory: 1.6G
CPU: 3d 22h 39min 8.383s
CGroup: /system.slice/elasticsearch.service
└─1892 /usr/bin/java -Xms256m -Xmx2g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+Hea

Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:427)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at java.nio.file.Files.newDirectoryStream(Files.java:457)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FSDirectory.listAll(FSDirectory.java:191)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FSDirectory.listAll(FSDirectory.java:203)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.elasticsearch.index.store.FsDirectoryService$1.listAll(FsDirectoryService.java:127)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FilterDirectory.listAll(FilterDirectory.java:57)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FilterDirectory.listAll(FilterDirectory.java:57)

@murthy.mvvs I suppose Filebeat and Elasticsearch are on two different machines? By default, for security reasons, Elasticsearch will only answer requests from localhost (same machine). If you want to receive events from another machine, you have to make sure you bind it to the correct IP it needs to listen on.

# replace the X with the IP address and restart elasticsearch.
network.host: XXX.XXX.XXX.XXX
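
Added example, not part of the original thread: a shell function that reads `ss -ltn` output and reports whether a port is bound to loopback only (the `network.host: localhost` case above), to a specific address, to every interface, or not at all. The function name and both sample listings are constructed for illustration; 192.168.0.1 is the address from the commented setting quoted earlier.

```shell
#!/bin/sh
# Added example. Reads `ss -ltn` output on stdin and reports how PORT is bound.
# Live use on the Elasticsearch host:  ss -ltn | classify_listener 9200
classify_listener() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # $4 is Local Address:Port
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/\[|\]/, "", addr)            # [::1] -> ::1
            sub(/%.*$/, "", addr)              # drop any %interface scope
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") is_loop = 1
            else if (addr == "0.0.0.0" || addr == "*" || addr == "::") is_any = 1
            else is_specific = 1
        }
        END {
            # all-interfaces: reachable on every NIC, so rely on a firewall
            if (is_any) print "all-interfaces"
            else if (is_specific) print "specific-address"
            # loopback-only: remote clients get "connection refused"
            else if (is_loop) print "loopback-only"
            else print "not-listening"
        }'
}

# Constructed sample: Elasticsearch with network.host: localhost
SAMPLE_LOCALHOST='State  Recv-Q Send-Q Local Address:Port       Peer Address:Port
LISTEN 0      128    0.0.0.0:22               0.0.0.0:*
LISTEN 0      128    [::ffff:127.0.0.1]:9200  *:*
LISTEN 0      128    [::1]:9200               [::]:*'

# Constructed sample: after setting network.host: 192.168.0.1 and restarting
SAMPLE_BOUND='State  Recv-Q Send-Q Local Address:Port       Peer Address:Port
LISTEN 0      128    0.0.0.0:22               0.0.0.0:*
LISTEN 0      128    192.168.0.1:9200         0.0.0.0:*'

for port in 9200 5044; do
    printf 'localhost config, port %s: %s\n' "$port" \
        "$(printf '%s\n' "$SAMPLE_LOCALHOST" | classify_listener "$port")"
    printf 'bound config,     port %s: %s\n' "$port" \
        "$(printf '%s\n' "$SAMPLE_BOUND" | classify_listener "$port")"
done
```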
