Unable to connect to elasticstack from other machines

Dhulem · April 25, 2019, 6:42pm

I am an elasticstack noob so sorry for the noob question. As the title says I am unable to connect to my elasticstack machine remotely, on the same subnet. I can open port 9200 locally on the machine but the server is rejecting my requests.

I found the following article, https://www.elastic.co/guide/en/elasticsearch/reference/7.0/modules-network.html#network-interface-values which states that this is by default.

However I am unable to find any config file/yml that I can edit which has network.host location.

I assume this is why my winlogbeat data cannot make it to my server.

Any help would be appreciated.

spinscale · April 26, 2019, 6:30am

The file you need to edit is the elasticsearch.yaml file. Depending how you installed Elasticsearch it might be in the directory you unpacked in the config/ directory, or in /etc/elasticsearch/ if you used one of the deb or rpm packages for installation.

Dhulem · April 26, 2019, 6:12pm

Sorry I did not mention I am running on windows.

I just tried installing on Linux ubuntu 19 and I can't even curl to localhost:9200

spinscale · April 26, 2019, 7:52pm

Elasticsearch is not started by default, you need to start it explicitely when installing the debian package.

That said, the behaviour to only listen on local network interfaces is the same under windows and linux. I am however not sure where the configuration file is placed under windows, how did you install Elasticsearch?

Dhulem · April 26, 2019, 8:07pm

I installed with the MSI installer.

It is installed under the default locations.

BIN = C:\Program Files\Elastic\Elasticsearch\7.0.0
Config = C:\ProgramData\Elastic\Elasticsearch

This is my elasticsearch.yml file, i just added network.host: after watching and reading more.

bootstrap.memory_lock: false
cluster.name: elasticsearch
http.port: 9200
node.data: true
node.ingest: true
node.master: true
node.max_local_storage_nodes: 1

node.name: GRFSEARCH
path.data: C:\ProgramData\Elastic\Elasticsearch\data
path.logs: C:\ProgramData\Elastic\Elasticsearch\logs
network.host: 0.0.0.0
transport.tcp.port: 9300
xpack.license.self_generated.type: basic
xpack.security.enabled: false

I can ping from different computer without issue. Windows firewall is turned off I also tried opening port 9200 when the firewall was enabled.

I can get to http://localhost:9200 without issue.

kclubb · April 26, 2019, 8:16pm

I have the same problem: Windows 2016, firewall off, works local but not remote.

Dhulem · April 26, 2019, 8:16pm

I think I just found it for elasticsearch. Add http.host: 0.0.0.0 to the yml file.

kclubb · April 26, 2019, 8:26pm

that works for me too! thanks!

system · May 24, 2019, 8:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.