Logstash failed to put logs to elasticsearch

Question

I'm trying to setup ELK environment to analysis my logs.
All of 3 tools are in one server, the ip is 192.168.1.114
and here's my logstash config:

input {
  file {
    path => "/usr/local/websrv/tomcat/logs/catalina.out"
  }
}

output {
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
  }
}

That works, however, when I changed hosts from ["127.0.0.1:9200"] to ["192.168.1.114:9200"], errors happened. I got below messages from logstash.

Attempted to send a bulk request to Elasticsearch configured at '["http://192.168.1.114:9200/"]', but Elasticsearch appears to be unreachable or down! {:client_config=>{:hosts=>["http://192.168.1.114:9200/"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil, :ssl=>{}}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :logger=>nil, :tracer=>nil, :reload_connections=>false, :retry_on_failure=>false, :reload_on_failure=>false, :randomize_hosts=>false}, :error_message=>"Connection refused", :class=>"Manticore::SocketException", :level=>:error}

Could some one advise? Thanks a lot.

Check Elasticsearch' logs from the node startup. There it should say on which IPs and ports it binded to. If 192.168.1.114 is not there, that's the reason. To fix it you need to specifically bind to that IP: elastic.co/guide/en/elasticsearch/reference/2.x/… — Andrei Stefan
You're right, I think I should re-read the document carefully..thank you. — Chao

Val Val · Accepted Answer · 2016-01-28T07:43:05

If you're using ES 2.0, this is because ES binds to localhost by default.

In order to change that, you simply need to change the following settings in your elasticsearch.yml configuration file and restart ES:

network.bind_host: 192.168.1.114

Logstash failed to put logs to elasticsearch

1 Answers