Hi Team,
The filebeat seems to be running, but giving the following error.
transport.go:125: SSL client failed to connect with: dial tcp <IP address where elastic search, logstash and kibana are hosted>: getsockopt: connection refused
All the services in ELK are running
@Vishnu_Murty I have a few question to help debug that issue.
curl "http:/remoteip:9200"curl "http://xx.xx.xx.xx:9200"
curl: (7) Failed connect to xx.xx.xx.x:9200; Connection refused
The above is error which I receive when I execute curl "http://xx.xx.xx.xx:9200"
This should have https not http
curl "https://remoteip:9200"
Is Elasticsearch listening to the right IP address, by default it answer to localhost.
Did you set these options?
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
network.host: localhost
http.port: 9200
root@ELK-Stack-Log-ubuntu:/etc/elasticsearch# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2018-08-03 10:33:34 UTC; 1 months 9 days ago
Docs: http://www.elastic.co
Process: 1888 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
Main PID: 1892 (java)
Tasks: 52
Memory: 1.6G
CPU: 3d 22h 39min 8.383s
CGroup: /system.slice/elasticsearch.service
└─1892 /usr/bin/java -Xms256m -Xmx2g -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+Hea
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at sun.nio.fs.UnixFileSystemProvider.newDirectoryStream(UnixFileSystemProvider.java:427)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at java.nio.file.Files.newDirectoryStream(Files.java:457)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FSDirectory.listAll(FSDirectory.java:191)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FSDirectory.listAll(FSDirectory.java:203)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.elasticsearch.index.store.FsDirectoryService$1.listAll(FsDirectoryService.java:127)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FilterDirectory.listAll(FilterDirectory.java:57)
Sep 12 04:31:40 ELK-Stack-Log-ubuntu elasticsearch[1892]: at org.apache.lucene.store.FilterDirectory.listAll(FilterDirectory.java:57)
@murthy.mvvs I supposed Filebeat and Elasticsearch are on two different machines? By for security reason, elasticsearch will only answer requests from localhost (same machine), if you want to receive events from another machine, you have to make sure you bind it to the correct IP it need to listen to.
# replace the X with the IP address and restart elasticsearch.
network.host: XXX.XXX.XXX.XXX
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.