Docker – ELK堆栈 – “Elasticsearch似乎无法访问或失败”
所以我使用docker-compose来启动ELK堆栈,它将由filebeats填充…我的configuration是这样的:
elasticsearch: image: elasticsearch:latest command: elasticsearch -Des.network.host=_non_loopback_ ports: - "9200:9200" - "9300:9300" logstash: image: logstash:latest command: logstash -f /etc/logstash/conf.d/logstash.conf -b 10000 -w 1 volumes: - ./logstash/config:/etc/logstash/conf.d ports: - "5044:5044" links: - elasticsearch environment: - LS_HEAP_SIZE=2048m kibana: build: kibana/ volumes: - ./kibana/config/:/opt/kibana/config/ ports: - "5601:5601" links: - elasticsearch 我的logstash.conf文件看起来像这样:
input { beats { port => 5044 } } .... output { elasticsearch { hosts => "localhost:9200" manage_template => false index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" document_type => "%{[@metadata][type]}" } }
这些docker集装箱运行在同一个实例,我已经确认能够从外部打到两个端口。
从filebeat中同步文件时出现的错误是:
logstash_1 | {:timestamp=>"2016-05-19T19:52:55.167000+0000", :message=>"Attempted to send a bulk request to Elasticsearch configured at '[\"http://localhost:9200/\"]', but Elasticsearch appears to be unreachable or down!", :error_message=>"Connection refused", :class=>"Manticore::SocketException", :client_config=>{:hosts=>["http://localhost:9200/"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil, :ssl=>{}}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :logger=>nil, :tracer=>nil, :reload_connections=>false, :retry_on_failure=>false, :reload_on_failure=>false, :randomize_hosts=>false, :http=>{:scheme=>"http", :user=>nil, :password=>nil, :port=>9200}}, :level=>:error}
谢谢,
您尝试在localhost上达到elasticsearch,但是这不可能,在这种情况下localhost是包含logstash的docker容器。
您必须通过链接访问它:
output { elasticsearch { hosts => "elasticsearch:9200" manage_template => false index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}" document_type => "%{[@metadata][type]}" } }
或者,如果你想从“outside”而不是localhost访问你的elasticsearch实例,请填写你的ip(不是127.0.0.1)