I'm trying to setup ELK environment to analysis my logs.
All of 3 tools are in one server, the ip is 192.168.1.114
and here's my logstash config:
input {
file {
path => "/usr/local/websrv/tomcat/logs/catalina.out"
}
}
output {
elasticsearch {
hosts => ["127.0.0.1:9200"]
}
}
That works, however, when I changed hosts from ["127.0.0.1:9200"] to ["192.168.1.114:9200"], errors happened. I got below messages from logstash.
Attempted to send a bulk request to Elasticsearch configured at '["http://192.168.1.114:9200/"]', but Elasticsearch appears to be unreachable or down! {:client_config=>{:hosts=>["http://192.168.1.114:9200/"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil, :ssl=>{}}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :logger=>nil, :tracer=>nil, :reload_connections=>false, :retry_on_failure=>false, :reload_on_failure=>false, :randomize_hosts=>false}, :error_message=>"Connection refused", :class=>"Manticore::SocketException", :level=>:error}
Could some one advise? Thanks a lot.
192.168.1.114
is not there, that's the reason. To fix it you need to specifically bind to that IP: elastic.co/guide/en/elasticsearch/reference/2.x/… – Andrei Stefan