H everyone,
Get this error when trying to connect to my test Elasticsearch instance:
08-14-2019 14:22:34.589 +1200 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-elasticsearch-data-integrator---modular-input/bin/elasticsearch_json.py" ERRORConnectionError(<urllib3.connection.HTTPConnection object at 0x7f8ed19d6150>: Failed to establish a new connection: getaddrinfo() argument 2 must be integer or string) caused by: NewConnectionError(<urllib3.connection.HTTPConnection object at 0x7f8ed19d6150>: Failed to establish a new connection: getaddrinfo() argument 2 must be integer or string)
And here is my inputs.conf:
[elasticsearch_json://test]
date_field_name = timestamp
elasticsearch_indice = twitter
elasticsearch_instance_url = http://elasticsearch
greater_or_equal = 2019-01-01
index = main
interval = 60
lower_or_equal = now
port = 9200
secret = ********
user = admin
I tried calling the Elasticsearch REST API directly from my splunk server, and it is working. So doesn't seem to be networking or authentication issue?
[splunk@splunk-test local]$ curl -u admin:anypassword http://elasticsearch:9200/twitter/_search?size=1
{"took":1,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":339,"max_score":1.0,"hits":[{"_index":"twitter","_type":"doc","_id":"y4Ay5mkBJ7ccExGB44VQ","_score":1.0,"_source":{"retweeted":false,"@version":"1","message":"What is your favorite Splunk command?\n#Splunk","client":"<a href=\"https://about.twitter.com/products/tweetdeck\" rel=\"nofollow\">TweetDeck</a>","user":"YamadaNoel","@timestamp":"2019-04-04T02:34:43.000Z","source":"http://twitter.com/YamadaNoel/status/1113630949105782784","user_mentions":[],"hashtags":[{"indices":[38,45],"text":"Splunk"}],"symbols":[]}}]}}
Any idea what could be wrong here?
Cheers,
Vincent
... View more