I try strart auditbeat on my local computer through docker. However I get connection refused from elasticsearch

Question

I start auditbeat docker run --cap-add="AUDIT_CONTROL" --cap-add="AUDIT_READ" docker.elastic.co/beats/auditbeat:7.8.1 setup -E setup.kibana.host=localhost:5601 -E output.elasticsearch.hosts=["127.0.0.1:9300"] but get error Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://127.0.0.1:9300: Get http://127.0.0.1:9300: dial tcp 127.0.0.1:9300: connect: connection refused] I try user also localhost in output.elasticsearch.hosts. When I sent request by curl http://127.0.0.1:9200 I get successful response from elasticsearch. Also. Elasticsearch is deployed as docker process.

Val Val · Accepted Answer · 2020-07-31T09:24:17

You need to use the HTTP port 9200 (the same you curl with) not the TCP port 9300

-Eoutput.elasticsearch.hosts=["host.docker.internal:9200"] 
                                          ^
                                          |
                                     change this

I try strart auditbeat on my local computer through docker. However I get connection refused from elasticsearch

1 Answers