I try to set up logstash and elasticsearch by this article.I think I’ve done everything as described, but for some reason I can’t transfer from a logstash to an elasticsearch located on another server.

I will describe the course of my setup:

Machine A(192.168.56.101)

1.Download the latest version of logstash(1.1.13):
sudo wget https://logstash.objects.dreamhost.com/release/logstash-1.1.13-flatjar.jar - O logstash.jar

2.Wrote a simple config(/etc/logstash/sample.conf):
input {
    file {
      type=>"logs"
      path =>"/var/log/iptables.log"
    }
}

output {
  elasticsearch {
    embedded =>false
    type=>"logs"
    cluster=>"es_logs"
    host=>"192.168.56.102"
    max_inflight_requests=>500
  }
}


3.I start this way:
sudo java -jar /opt/logstash/logstash.jar agent -v -f /etc/logstash/sample.conf

netstat shows port 9300 is listening

Machine B(192.168.56.102)

1.Download elasticsearch 0.20.6(this version requires logstash 1.1.13 according to logstash.net/docs/1.1.13/outputs/elasticsearch)

2.In the config, I only change the names of the cluster that is listed in logsrash on machine A:
  cluster:
    name:"es_logs"

3.Run elasticsearch:
  ./bin/elasticsearch

In the logs wrote:
. . [2013-08-12 23: 22: 46,629][INFO][node][Virgo] {0.20.2}[17620]: started [2013-08-12 23: 22: 46,629][INFO][gatway][Virgo] {0.20.2}[17620]: recovered[0] indicates into cluster_state
netstat shows that ports 9200 and 9300 are listening

Now, when a record gets to the iptables log, the following error occurs on machine A:
   : message=>"Failed to index an event, will retry",: exception=>org.elasticsearch.discovery.MasterNotDiscoveredException: waited for[1m]

Tell me what could be the problem?

P.S: I'm testing all this stuff on virtual machines if this error is related to this

1 Answers 1

The question is old, but can someone stumble.
Now logstash does not write to elastic if in the last, there are no lines in the config:
http.cors.allow-origin:"/.*/"
http.cors.enabled: true

after adding everything works.