Question

我的Filebeat安装显然无法连接到Elastic搜索：

/ var / log / filebeat / filebeat：

2019-02-04T02:41:18.699Z        ERROR   fileset/factory.go:105  Error creating input: Can only start an input when all related states are finished: {Id:393257-2049 Finished:false Fileinfo:0xc4204692b0 Source:/var/log/auth.log Offset:16059 Timestamp:2019-02-04 02:41:18.687378819 +0000 UTC m=+0.054671057 TTL:-1ns Type:log Meta:map[] FileStateOS:393257-2049}
2019-02-04T02:41:18.699Z        ERROR   [reload]        cfgfile/list.go:96      Error creating runner from config: Can only start an input when all related states are finished: {Id:393257-2049 Finished:false Fileinfo:0xc4204692b0  Source:/var/log/auth.log Offset:16059 Timestamp:2019-02-04 02:41:18.687378819 +0000 UTC m=+0.054671057 TTL:-1ns Type:log Meta:map[] FileStateOS:393257-2049}
2019-02-04T02:41:38.632Z        ERROR   elasticsearch/client.go:319     Failed to perform any bulk index operations: Post http://localhost:9200/_bulk: dial tcp [::1]:9200: connect: connection refused
2019-02-04T02:41:39.710Z        ERROR   pipeline/output.go:121  Failed to publish events: Post http://localhost:9200/_bulk: dial tcp [::1]:9200: connect: connection refused
2019-02-04T02:41:43.562Z        ERROR   pipeline/output.go:100  Failed to connect to backoff(elasticsearch(http://localhost:9200)): Get http://localhost:9200: dial tcp [::1]:9200: connect: connection refused
2019-02-04T02:41:49.632Z        ERROR   pipeline/output.go:100  Failed to connect to backoff(elasticsearch(http://localhost:9200)): Get http://localhost:9200: dial tcp 127.0.0.1:9200: connect: connection refused
2019-02-04T02:41:58.853Z        ERROR   pipeline/output.go:100  Failed to connect to backoff(elasticsearch(http://localhost:9200)): Get http://localhost:9200: dial tcp 127.0.0.1:9200: connect: connection refused
2019-02-04T02:42:24.576Z        ERROR   pipeline/output.go:100  Failed to connect to backoff(elasticsearch(http://localhost:9200)): Get http://localhost:9200: dial tcp 127.0.0.1:9200: connect: connection refused

我相信这就是为什么我在 Kibana仪表板中没有得到Filebeat的任何结果的原因（即使我可以在Kibana中看到 filebeat-* 事件< strong>发现标签）：

elasticsearch.yml：

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
#
# Set a custom port for HTTP:
#
#http.port: 9200
# 
# For more information, consult the network module documentation.
#       
# --------------------------------- Discovery ----------------------------------
# 
# Pass an initial list of hosts to perform discovery when new node is started:   
# The default list of hosts is ["127.0.0.1", "[::1]"]
# 
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes:
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

See my post on discuss.elastic.co for more information

是否需要更改network.host中的elasticsearch.yml值？我已经尝试过network.host: 0.0.0.0和network.host: "0.0.0.0"

Google Cloud Platform上的ELK Stack-在Kibana仪表板中没有Filebeat的结果（无法连接到Elasticsearch）

0 个答案: