I am an elasticstack noob so sorry for the noob question. As the title says I am unable to connect to my elasticstack machine remotely, on the same subnet. I can open port 9200 locally on the machine but the server is rejecting my requests.
I found the following article, https://www.elastic.co/guide/en/elasticsearch/reference/7.0/modules-network.html#network-interface-values which states that this is by default.
However I am unable to find any config file/yml that I can edit which has network.host location.
I assume this is why my winlogbeat data cannot make it to my server.
Any help would be appreciated.
The file you need to edit is the
elasticsearch.yaml file. Depending how you installed Elasticsearch it might be in the directory you unpacked in the
config/ directory, or in
/etc/elasticsearch/ if you used one of the deb or rpm packages for installation.
Sorry I did not mention I am running on windows.
I just tried installing on Linux ubuntu 19 and I can't even curl to localhost:9200
Elasticsearch is not started by default, you need to start it explicitely when installing the debian package.
That said, the behaviour to only listen on local network interfaces is the same under windows and linux. I am however not sure where the configuration file is placed under windows, how did you install Elasticsearch?
I installed with the MSI installer.
It is installed under the default locations.
BIN = C:\Program Files\Elastic\Elasticsearch\7.0.0
Config = C:\ProgramData\Elastic\Elasticsearch
This is my elasticsearch.yml file, i just added network.host: after watching and reading more.
I can ping from different computer without issue. Windows firewall is turned off I also tried opening port 9200 when the firewall was enabled.
I can get to http://localhost:9200 without issue.
I have the same problem: Windows 2016, firewall off, works local but not remote.
I think I just found it for elasticsearch. Add http.host: 0.0.0.0 to the yml file.
that works for me too! thanks!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.