Allow remote access to Elasticsearch on DO ELK stack

November 6, 2015
Ubuntu Logging Configuration Management

I have the one click ELK stack setup running on a droplet, but I would also like to use the Elasticsearch part of it for other things as well as Logstash.

When I try to query it remotely though, I get a connection refused on port 9200.

How can I open this up, preferably to only allow access from defined ip addresses?

I have already tried commenting out the line in config and restarting, but this did not solve the issue.

Thanks in advance.

2 Answers

The DigitalOcean ELK One-Click binds to localhost by default in /etc/elasticsearch/elasticsearch.yml by setting: localhost

This sets both 'network.bind_host' and 'network.publish_host', so make sure that is commented out as well.

If that still isn’t working after restarting, check to see if there is more than one elasticsearch process. You can use ps aux | grep elasticsearch to do so. I’ve seen a few cases where restarting elasticsearch launches a second process instead and configuration changes don’t take effect as expected. After killing them manually and starting it back up, it should be configured as expected.
http.port: 9200
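The checks described above, plus the source-IP restriction the question asks for, as an added example that is not part of the original thread. The function names are hypothetical, the addresses are documentation-range placeholders, ufw is assumed to be the firewall in use, and matching "java" plus "elasticsearch" in `ps` output is an assumed heuristic for spotting Elasticsearch JVMs.

```shell
#!/bin/sh
# Added example, not from the thread. IPs and names are placeholders.

# Print the active (uncommented) bind host from an elasticsearch.yml.
# network.bind_host takes precedence over network.host; "unset" if neither.
es_bind_host() (
    for key in 'network\.bind_host' 'network\.host'; do
        val=$(sed -n -E "s/^[[:space:]]*${key}[[:space:]]*:[[:space:]]*([^[:space:]#]+).*/\1/p" "$1" | tail -n 1)
        if [ -n "$val" ]; then printf '%s\n' "$val"; exit 0; fi
    done
    echo unset
)

# Classify a bind value: loopback-only explains "connection refused" remotely.
bind_scope() {
    case $1 in
        localhost|127.*|::1|_local_) echo loopback-only ;;
        unset) echo version-default ;;   # default depends on the Elasticsearch version
        *) echo remote-reachable ;;
    esac
}

# Count Elasticsearch JVMs in `ps aux` output read from stdin.
# More than one means a restart left a stale process behind.
es_process_count() {
    grep -i 'elasticsearch' | grep -c 'java' || true
}

# Emit ufw rules that allow port 9200 only from the given source addresses.
# ufw matches rules in order, so the allows must come before the deny.
ufw_rules_for() {
    for ip in "$@"; do
        printf 'ufw allow from %s to any port 9200 proto tcp\n' "$ip"
    done
    printf 'ufw deny 9200/tcp\n'
}

# Report on this host, then print (not apply) the firewall rules.
cfg=${ES_CONFIG:-/etc/elasticsearch/elasticsearch.yml}
if [ -r "$cfg" ]; then
    host=$(es_bind_host "$cfg")
    echo "bind host: $host ($(bind_scope "$host"))"
fi
echo "elasticsearch JVMs running: $(ps aux | es_process_count)"
ufw_rules_for 203.0.113.10 203.0.113.11
```

Review the printed ufw rules and apply them before changing the bind address, so port 9200 is never reachable from arbitrary sources.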

