The fluentd can't send log to elasticsearch.

[alphajc]

Recently, I deployed a docker-compose-efk environment. At the beginning it could work normally, but the fluentd could not send logs to the elasticsearch next day. After I restart the fluentd container, it was normal. Unfortunately, It was wrong yet next day. I cannot find the reason. Who can help me?

[adrianog]

Hi - Did you get to the bottom of this?

[Sridharc20]

Any error displayed?.. I tried today it worked perfectly. I assume you may want to ship the container logs to a elasticsearch in a different vm instead of shiping the logs to the elasticsearch as a container in the same host as docker-compose do. In that case there may be version of elasticsearch cause the issue. I got into this kind of issue, after 3 hrs of investigation found version caused the problem.!! :(

[kiranp227]

I have encountered the same issue. This is because that fluentd is not able to send logs to elasticsearch due to no authentication. Add User and Password in fluentd/conf/fluent.conf as below.

@type forward port 24224 bind 0.0.0.0

<match *.**> @type copy

@type elasticsearch host elasticsearch port 9200 logstash_format true logstash_prefix fluentd logstash_dateformat %Y%m%d include_tag_key true type_name access_log tag_key @log_name flush_interval 1s **user elastic password changeme** @type stdout

[maurya-m]

@kiranp227 , i tried adding the user /password as you suggested and also added index_name fluentd in the fluentd.conf , but i am unable to see and any indices discovered in the index management - the message is "Couldn't find any Elasticsearch data" , any clues what i might be missing, appreciate if you could help here. thanks