elastalert
Can't connect to elasticSearch(9200)
- Working OS : Mac OS
- Elastic-search Version : 6.5.4(127.0.0.1:9200)
my installation steps
1. go to elastic search folder and run it (./elasticsearch)
2. git clone https://github.com/bitsensor/elastalert.git
3. cd elastalert and "make build"
4. set host 127.0.0.1 for config.json and elastalert.yaml
5. run docker with following command
docker run -p 127.0.0.1:3030:3030 \
-v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
-v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
-v `pwd`/rules:/opt/elastalert/rules \
-v `pwd`/rule_templates:/opt/elastalert/rule_templates \
--net="host" \
--name elastalert bitsensor/elastalert:latest
- I got error
Description
It seems like my elastalert cannot connect to Elasticsearch. When I tested with Postman (GET http://127.0.0.1:9200/), it works fine. Here are my error messages.
10:07:13.106Z INFO elastalert-server: ProcessController: Starting ElastAlert
10:07:13.107Z INFO elastalert-server: ProcessController: Creating index
10:07:24.777Z ERROR elastalert-server:
ProcessController: Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/opt/elastalert/elastalert/create_index.py", line 277, in <module>
main()
File "/opt/elastalert/elastalert/create_index.py", line 129, in main
esversion = es.info()["version"]["number"]
File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/client/utils.py", line 76, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/client/__init__.py", line 241, in info
return self.transport.perform_request('GET', '/', params=params)
File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/transport.py", line 318, in perform_request
status, headers_response, data = connection.perform_request(method, url, params, body, headers=headers, ignore=ignore, timeout=timeout)
File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/connection/http_requests.py", line 85, in perform_request
raise ConnectionError('N/A', str(e), e)
elasticsearch.exceptions.ConnectionError: ConnectionError(HTTPConnectionPool(host='127.0.0.1', port=9200): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7ff2256162d0>: Failed to establish a new connection: [Errno 111] Connection refused',))) caused by: ConnectionError(HTTPConnectionPool(host='127.0.0.1', port=9200): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7ff2256162d0>: Failed to establish a new connection: [Errno 111] Connection refused',)))
10:07:24.777Z ERROR elastalert-server: ProcessController: Index create exited with code 1
10:07:24.778Z WARN elastalert-server: ProcessController: ElastAlert will start but might not be able to save its data!
10:07:24.778Z INFO elastalert-server: ProcessController: Starting elastalert with arguments [none]
10:07:24.787Z INFO elastalert-server: ProcessController: Started Elastalert (PID: 48)
10:07:24.790Z INFO elastalert-server: Server: Server listening on port 3030
10:07:24.791Z INFO elastalert-server: Server: Server started
10:07:25.283Z ERROR elastalert-server:
ProcessController: WARNING:elasticsearch:GET http://127.0.0.1:9200/ [status:N/A request:0.002s]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/elasticsearch-6.3.1-py2.7.egg/elasticsearch/connection/http_requests.py", line 76, in perform_request
response = self.session.send(prepared_request, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests-2.19.1-py2.7.egg/requests/sessions.py", line 622, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/site-packages/requests-2.19.1-py2.7.egg/requests/adapters.py", line 513, in send
raise ConnectionError(e, request=request)
Need your useful advice
Thank you
Does this error still happen with the latest ElastAlert version?
On mac, use host.docker.internal instead of localhost. See following:
https://docs.docker.com/docker-for-mac/networking/
But I still got the following error. Don't know if it's related to ES 7.0.1 or not.
ProcessController: Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"__main__", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/opt/elastalert/elastalert/create_index.py", line 275, in <module>
main()
File "/opt/elastalert/elastalert/create_index.py", line 252, in main
es.indices.put_mapping(index=index, doc_type='elastalert', body=es_mapping)
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/utils.py", line 84, in _wrapped
return func(*args, params=params, **kwargs)
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/client/indices.py", line 339, in put_mapping
"PUT", _make_path(index, "_mapping", doc_type), params=params, body=body
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/transport.py", line 353, in perform_request
timeout=timeout,
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/connection/http_requests.py", line 143, in perform_request
self._raise_error(response.status_code, raw_data)
File "/usr/lib/python2.7/site-packages/elasticsearch-7.0.1-py2.7.egg/elasticsearch/connection/base.py", line 168, in _raise_error
status_code, error_message, additional_info
elasticsearch.exceptions.RequestError: RequestError(400, u'illegal_argument_exception', u'Types cannot be provided in put mapping requests, unless the include_type_name parameter is set to true.')
@milinatw Good to note host.docker.internal only works on mac and maybe windows, not linux.
I don't mean to intrude or anything but I too am having the same issue. I did the same steps as @jin-dev and am getting the same errors. I am running the latest elastalert version (3.0 beta) against ELK 7.0 (OS: CentOS 7). I've been banging my head to the wall over this issue for a while and I can't figure out what is happening. Please give any updates once available. Greatly appreciated! 😄
@Bader972016 when I ran this on linux (the second time for me)...it just worked!
docker run -d -p 3030:3030 -p 3333:3333 \
-v `pwd`/config/elastalert.yaml:/opt/elastalert/config.yaml \
-v `pwd`/config/elastalert-test.yaml:/opt/elastalert/config-test.yaml \
-v `pwd`/config/config.json:/opt/elastalert-server/config/config.json \
-v `pwd`/rules:/opt/elastalert/rules \
-v `pwd`/rule_templates:/opt/elastalert/rule_templates \
--net="host" \
--name elastalert bitsensor/elastalert:latest
The --net="host" bit is the important part, no change in the config was needed.
Thanks @surfer190 for the reply. I will try to re-install and run this command when I get free to do so. Kinda moved on to something else (something new to bang my head to the wall for 😆)
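A preflight check for the situation discussed in this thread, added here as an example and not part of ElastAlert or of any post above: run inside the container, it tries each candidate address for Elasticsearch and distinguishes "connection refused" (the `[Errno 111]` case in the first traceback) from a name that does not resolve. The function names and the candidate list are assumptions for illustration.

```python
import socket

# Candidate hosts are assumptions for illustration: loopback (reaches the
# host's Elasticsearch when --net="host" shares the host network namespace)
# and host.docker.internal (the name suggested above for Docker on Mac).
DEFAULT_CANDIDATES = ("127.0.0.1", "host.docker.internal")


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection and return (ok, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except ConnectionRefusedError:
        # Errno 111: the address exists here, but nothing listens on the port.
        return False, "refused: nothing listening at this address from here"
    except socket.gaierror:
        return False, "name does not resolve in this environment"
    except OSError as exc:  # timeouts, unreachable network, etc.
        return False, "unreachable: %s" % exc


def pick_es_host(port=9200, candidates=DEFAULT_CANDIDATES, timeout=2.0):
    """Return (first reachable candidate or None, {host: reason})."""
    results = {}
    chosen = None
    for host in candidates:
        ok, reason = probe(host, port, timeout)
        results[host] = reason
        if ok and chosen is None:
            chosen = host
    return chosen, results


if __name__ == "__main__":
    host, results = pick_es_host()
    for name, reason in results.items():
        print("%-22s %s" % (name, reason))
    print("es_host to use:", host if host else "none reachable")
```

If only `host.docker.internal` connects, that is the value to set as the host in `config.json` and `elastalert.yaml`; if neither connects, the container cannot see the host's port 9200 at all.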