Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Errno 111] Connection refused in executing elastalert-create-index

See original GitHub issue

Hi everyone,

I install ElasticSearch, Logstash and Kibana on AWS EC2 node. And now I want to put Elastalert on the same node. I follow the setup in this article: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04

Here is the error message when I running elastalert-create-index

ubuntu@ip-172-31-10-92:~/elastalert$ elastalert-create-index 
/usr/local/lib/python2.7/dist-packages/elasticsearch-2.3.0-py2.7.egg/elasticsearch/connection/http_requests.py:59: UserWarning: Connecting to https://ec2-52-42-32-212.us-west-2.compute.amazonaws.com:9200 using SSL with verify_certs=False is insecure.
New index name? (Default elastalert_status) 
Name of existing index to copy? (Default None) 
Traceback (most recent call last):
  File "/usr/local/bin/elastalert-create-index", line 9, in <module>
    load_entry_point('elastalert==0.0.92', 'console_scripts', 'elastalert-create-index')()
  File "/usr/local/lib/python2.7/dist-packages/elastalert-0.0.92-py2.7.egg/elastalert/create_index.py", line 107, in main
    if es_index.exists(index):
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/utils.py", line 69, in _wrapped
  File "build/bdist.linux-x86_64/egg/elasticsearch/client/indices.py", line 226, in exists
  File "build/bdist.linux-x86_64/egg/elasticsearch/transport.py", line 329, in perform_request
  File "build/bdist.linux-x86_64/egg/elasticsearch/connection/http_requests.py", line 79, in perform_request
elasticsearch.exceptions.ConnectionError: ConnectionError(HTTPSConnectionPool(host='ec2-52-42-32-212.us-west-2.compute.amazonaws.com', port=9200): Max retries exceeded with url: /elastalert_status (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1349232250>: Failed to establish a new connection: [Errno 111] Connection refused',))) caused by: ConnectionError(HTTPSConnectionPool(host='ec2-52-42-32-212.us-west-2.compute.amazonaws.com', port=9200): Max retries exceeded with url: /elastalert_status (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f1349232250>: Failed to establish a new connection: [Errno 111] Connection refused',)))

The config.yaml file I have is

# This is the folder that contains the rule yaml files
# Any .yaml file will be loaded as a rule
rules_folder: example_rules

# How often ElastAlert will query elasticsearch
# The unit can be anything from weeks to seconds
run_every:
  minutes: 1

# ElastAlert will buffer results from the most recent
# period of time, in case some log sources are not in real time
buffer_time:
  minutes: 15

# The elasticsearch hostname for metadata writeback
# Note that every rule can have its own elasticsearch host
es_host: "ec2-52-42-32-212.us-west-2.compute.amazonaws.com"

# The elasticsearch port
es_port: 9200

# Optional URL prefix for elasticsearch
#es_url_prefix: elasticsearch

# Connect with SSL to elasticsearch
use_ssl: True

# GET request with body is the default option for Elasticsearch. 
# If it fails for some reason, you can pass 'GET', 'POST' or 'source'.
# See http://elasticsearch-py.readthedocs.io/en/master/connection.html?highlight=send_get_body_as#transport
# for details
#es_send_get_body_as: GET

# Option basic-auth username and password for elasticsearch
#es_username: someusername
#es_password: somepassword

es_username: "-----my Nginx username-----"
es_password: "-----my Nginx password------"

# The index on es_host which is used for metadata storage
# This can be a unmapped index, but it is recommended that you run
# elastalert-create-index to set a mapping
writeback_index: elastalert_status

# If an alert fails for some reason, ElastAlert will retry
# sending the alert until this time period has elapsed
alert_time_limit:
  days: 2

Here I am not very sure what is the es_username and password. And I know I have setup Ngnix user and there is an auth_basic restricted access there, so I put the username and password here.

It is the file /etc/nginx/sites-available/default for Nginx

server {
#       listen 80 default_server;
#       listen [::]:80 default_server ipv6only=on;
        listen 80;

#       root /usr/share/nginx/html;
#       index index.html index.htm;

        # Make site accessible from http://localhost/
        server_name ec2-52-42-32-212.us-west-2.compute.amazonaws.com
#       server_name ${hostname};

        auth_basic "Restricted Access";
        auth_basic_user_file /etc/nginx/htpasswd.users;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
#               try_files $uri $uri/ =404;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
                proxy_pass http://localhost:5601;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }
}

Thanks in advanced!

Issue Analytics

  • State:open
  • Created 7 years ago
  • Comments:8 (4 by maintainers)

github_iconTop GitHub Comments

5reactions
Qmandocommented, Jul 8, 2016

Nginx is not pointing to Elasticsearch then, it’s pointing to Kibana. If curl works without --user, remove es_username and es_password, and change es_port to 9200, and change es_host to localhost.

2reactions
Qmandocommented, Jul 8, 2016

It looks like nginx is listening on port 80, not 9200. If the username/password were wrong, I would expect an http 403 response, not connection refused.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Failed to establish a new connection - Elastic Discuss
I am having problems creating elastalert in Elasticsearch. ... Failed to establish a new connection: [Errno 111] Connection refused'))).
Read more >
[Errno 111] Connection refused(elasticsearch) - Stack Overflow
I have installed elasticsearch using this command : pip install elasticsearch After installation I executed the following commands:
Read more >
Yelp/elastalert - Gitter
Hello - another question. I am building a customized alerter, that has dynamic endpoints to send data to depending on the environment that...
Read more >
ElastAlert 2 Metadata Index - Read the Docs
Run it and it will prompt you for the cluster information. ElastAlert 2 will create three different types of documents in the writeback...
Read more >
Wagtail connection refused, Errno 111, Elastic Search
Elastic search is saying it's running as expected. I'm not getting any errors installing requirements, manage.py migrate, runserver or logging in.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

ERROR:root:Error while running alert email: Error connecting to SMTP host: [Errno 111] Connection refused

Next page

flatline alert doesn't send realert even though the event falls below the threshold at given intervals