Elasticsearch (v2.9) pod and Logstash Pod is running in same default namespace named elastic-system
But elasticsearch pod is blocking all http request from Logstash Pod. This outputs is shared below:
Logstash Pod logs output:
[2023-11-03T10:57:39,092][WARN ][logstash.outputs.elasticsearch][main] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elastic:xxxxxx@quickstart-es-http:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://quickstart-es-http:9200/][Manticore::ClientProtocolException] quickstart-es-http:9200 failed to respond"}
Elasticsearch Pod logs output:
{"@timestamp":"2023-11-03T11:04:55.719Z", "log.level": "WARN", "message":"received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/10.10.234.134:9200, remoteAddress=/10.10.234.158:60508}", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[quickstart-es-default-0][transport_worker][T#1]","log.logger":"org.elasticsearch.http.netty4.Netty4HttpServerTransport","elasticsearch.cluster.uuid":"cLtrkFiZSXGk9Y7Vkh1dIA","elasticsearch.node.id":"ixrbei6lTcKEJhIxmhemJw","elasticsearch.node.name":"quickstart-es-default-0","elasticsearch.cluster.name":"quickstart"}
I shared persistent volume and logstash yaml file below:
apiVersion: v1
kind: PersistentVolume
metadata:
name: logstash-data
labels:
type: local
spec:
storageClassName: ls-scn
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/logstash/data"
---
apiVersion: logstash.k8s.elastic.co/v1alpha1
kind: Logstash
metadata:
name: quickstart
spec:
count: 1
elasticsearchRefs:
- name: quickstart
clusterName: qs
version: 8.10.2
podTemplate:
spec:
containers:
- name: logstash
env:
- name: ECK_CACRT
value: 81FCA623ED460EA0832CB35AD73D9A87B2E9B323ACFF07B985451E815CABF3D2
pipelines:
- pipeline.id: main
config.string: |
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => [ "quickstart-es-http" ]
user => "elastic"
password => "4PyI3513SR21cSHs7lj6GyN9"
ca_trusted_fingerprint => "${ECK_CACRT}"
}
}
services:
- name: beats
service:
spec:
type: NodePort
ports:
- port: 5044
name: "filebeat"
protocol: TCP
targetPort: 5044
nodePort: 32000
volumeClaimTemplates:
- metadata:
name: logstash-data # Do not change this name unless you set up a volume mount for the data path.
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: ls-scn
Solution: hosts in logstash.yaml
should be like below:
output {
elasticsearch {
hosts => [ "https://quickstart-es-http:9200" ]
user => "elastic"
password => "4PyI3513SR21cSHs7lj6GyN9"
ca_trusted_fingerprint => "${ECK_CACRT}"
}
}