L
L
likejavascript2013-08-12 22:34:31
elasticsearch
likejavascript, 2013-08-12 22:34:31

Help setting up logstash+elasticsearch

I'm trying to set up logstash and elasticsearch according to this article . It seems that I am doing everything as described, but for some reason I cannot transfer from logstash to elasticsearch located on another server.

I will describe the course of my setup:

Machine A (192.168.56.101)

1. Downloaded the latest version of logstash (1.1.13):
sudo wget https://logstash.objects.dreamhost.com/release/logstash-1.1.13-flatjar.jar - O logstash.jar

2. Wrote a simple config (/etc/logstash/sample.conf):

input {
    file {
      type => "logs"
      path => "/var/log/iptables.log"
    }
}

output {
  elasticsearch {
    embedded => false
    type => "logs"
    cluster => "es_logs"
    host => "192.168.56.102"
    max_inflight_requests => 500
  }
}


3. I run it like this:
sudo java -jar /opt/logstash/logstash.jar agent -v -f /etc/logstash/sample.conf

netstat shows that port 9300 is listening on

Machine B (192.168.56.102)

1. I download elasticsearch 0.20.6 (this version requires logstash 1.1.13 according to logstash.net/docs/1.1.13/outputs/elasticsearch )

2. I only change in the config the name of the cluster that was specified in logsrash on machine A:
  cluster:
    name: "es_logs"

3. I start elasticsearch:
  ./bin/elasticsearch

I wrote in the logs:
. . [2013-08-12 23:22:46,629][INFO ][node ] [Virgo] {0.20.2}[17620]: started [2013-08-12 23:22:46,629][INFO ][gatway ] [Virgo] {0.20.2}[17620]: recovered [0] indicates into cluster_state
netstat shows that ports 9200 and 9300 are listening

Now, when an entry gets into the iptables log, the following error occurs on machine A:
: message=>"Failed to index an event, will retry", :exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for [1m]

Tell me, what could be the problem?

PS: I'm testing this whole thing on virtual machines, if this error is related to this

Answer the question

In order to leave comments, you need to log in

1 answer(s)
A
Alexey Yamschikov, 2015-02-25
@mobilesfinks

Old question, but maybe someone will stumble upon.
Now logstash does not write to elastic if there are no lines in the latter in the config:
http.cors.allow-origin: "/.*/"
http.cors.enabled: true
after adding everything works.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question