docker elasticsearch logstash

Docker logstash trying to connect to despite


I have a docker logstash configured as such:

input {
  tcp {
    port => 5000
  }
}

output {
  elasticsearch {
    hosts => ["https://my-custom-elastic.com:9321"]
  }
}

Expected:

I would expect logstash to connect to https://my-custom-elastic.com:9321 and not http://elasticsearch:9200/

Actual:

Reproducible 100% of the time, I am getting this error:

[2023-08-18T06:11:35,099][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
[2023-08-18T06:11:35,409][INFO ][logstash.licensechecker.licensereader] Failed to perform request {:message=>"elasticsearch: Name or service not known", :exception=>Manticore::ResolutionFailure, :cause=>java.net.UnknownHostException: elasticsearch: Name or service not known}
[2023-08-18T06:11:35,415][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [http://elasticsearch:9200/][Manticore::ResolutionFailure] elasticsearch: Name or service not known"}
[2023-08-18T06:11:35,599][INFO ][logstash.licensechecker.licensereader] Failed to perform request {:message=>"elasticsearch", :exception=>Manticore::ResolutionFailure, :cause=>java.net.UnknownHostException: elasticsearch}

I am sure logstash is picking up the correct configuration, because a few lines after this error, it does connect to my expected destination.

Question:

Why would logstash still try to connect to localhost even if I configured a custom host?


Solution

  • I ran into the same issue and found a couple of articles suggesting that it comes from logstash x-pack monitoring, which is on by default; see here: https://discuss.elastic.co/t/logstash-outputs-elasticsearch-is-trying-to-connect-to-another-elasticsearch/101526/5 It's about disabling the license checking.

    The solution that worked for me is entering:

    xpack.monitoring.enabled: false
    

    in logstash.yml (in my container it's under /usr/share/logstash/config/logstash.yml).
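
To check which Logstash component is contacting which Elasticsearch endpoint, the following added example (not part of the original question or answer) groups the URLs in a Logstash log by logger name and reports any that are not in the pipeline's `hosts` list. The first two sample lines are taken (the second abridged) from the question's log; the third line and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Lines 1-2: from the question's log (line 2 abridged). Line 3: constructed for this example.
SAMPLE_LOG = """\
[2023-08-18T06:11:35,099][INFO ][logstash.licensechecker.licensereader] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://elasticsearch:9200/]}}
[2023-08-18T06:11:35,415][WARN ][logstash.licensechecker.licensereader] Attempted to resurrect connection to dead ES instance, but got an error {:url=>"http://elasticsearch:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError}
[2023-08-18T06:11:41,002][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[https://my-custom-elastic.com:9321/]}}
"""

# [timestamp][LEVEL ][logger.name] ... ; anything after the logger is free text
LINE_RE = re.compile(r"^\[[^\]]+\]\[[A-Z]+\s*\]\[(?P<logger>[^\]]+)\]")
URL_RE = re.compile(r"https?://[^\s\]\"',}]+")


def urls_by_logger(log_text):
    """Map each logger name to the set of (scheme, host, port) it mentioned."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation line or unrelated output
        for raw in URL_RE.findall(line):
            u = urlsplit(raw)
            seen[m.group("logger")].add((u.scheme, u.hostname, u.port))
    return dict(seen)


def unexpected_targets(log_text, pipeline_hosts):
    """Return (logger, url) pairs for endpoints absent from the pipeline's hosts list."""
    allowed = set()
    for h in pipeline_hosts:
        u = urlsplit(h)
        allowed.add((u.scheme, u.hostname, u.port))
    findings = []
    for logger, targets in sorted(urls_by_logger(log_text).items()):
        for scheme, host, port in sorted(targets, key=str):
            if (scheme, host, port) not in allowed:
                findings.append((logger, f"{scheme}://{host}:{port}"))
    return findings


if __name__ == "__main__":
    for logger, url in unexpected_targets(SAMPLE_LOG, ["https://my-custom-elastic.com:9321"]):
        print(f"{logger} -> {url}")
```

On the sample, only the `logstash.licensechecker.licensereader` logger is reported, which matches the answer's point that the stray connection comes from the license check rather than from the pipeline output.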