Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

winlogbeat : elasticsearch transport on non 9200 port not working #924

Closed
UnclePhil opened this issue Feb 4, 2016 · 2 comments
Closed

winlogbeat : elasticsearch transport on non 9200 port not working #924

UnclePhil opened this issue Feb 4, 2016 · 2 comments

Comments

@UnclePhil
Copy link

It seems that when i use another port than 9200 in the yml config file, the connection is not established.
i test the 3 following

output:
  elasticsearch:
    hosts: ["elasticsearch.irisnet.be"]
    index: "winlogbeat"

this is defaulting to 9200 and work perfectly (but 9200 is not a standard port allowed in our Firewall)

output:
  elasticsearch:
    hosts: ["elasticsearch.irisnet.be:9200"]
    index: "winlogbeat"

is working correctly

output:
  elasticsearch:
    hosts: ["elasticsearch.irisnet.be:80"]
    index: "winlogbeat"

is giving the following in the log file

2016-02-04T13:28:00+01:00 INFO GeoIP disabled: No paths were set under output.geoip.paths
2016-02-04T13:28:00+01:00 INFO Activated elasticsearch as output plugin.
2016-02-04T13:28:00+01:00 INFO Publisher name: SVIMSCAVW001
2016-02-04T13:28:00+01:00 INFO Flush Interval set to: 1s
2016-02-04T13:28:00+01:00 INFO Max Bulk Size set to: 50
2016-02-04T13:28:00+01:00 INFO Init Beat: winlogbeat; Version: 1.1.0
2016-02-04T13:28:00+01:00 INFO State will be read from and persisted to C:\ProgramData\winlogbeat\.winlogbeat.yml
2016-02-04T13:28:00+01:00 INFO winlogbeat sucessfully setup. Start running.
2016-02-04T13:28:00+01:00 INFO Connecting error publishing events (retrying): 503 Service Unavailable
2016-02-04T13:28:00+01:00 INFO send fail
2016-02-04T13:28:00+01:00 INFO backoff retry: 1s
2016-02-04T13:28:01+01:00 INFO Connecting error publishing events (retrying): 503 Service Unavailable

BTW: the service is perfectly reachable from the same machine on port 80, because i have powershell script working on this port to the same destination

best regards,
Ph Koenig
@ruflin
Copy link
Member

ruflin commented Feb 4, 2016

I tested this briefly locally with a random port (9999) on OS X and in general it seems to work as expected. Can you enabled debug mode by running it with -e -d "*" to get some more information?

@urso
Copy link

urso commented Feb 4, 2016

Please use discuss.elastic.co for these kind of questions.

See logs showing 503 being returned by server or firewall. Check HEAD request to elasticsearch.irisnet.be:80 being supported.

@urso urso closed this as completed Feb 4, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@urso @ruflin @UnclePhil