Overview of data flow:
Beats on VMs -→ nginx -→ logstash (ingress definition, see below) -→ elasticsearch
Logstash Ingress Definition:
ingress: enabled: true className: "nginx" pathtype: ImplementationSpecific hosts: - host: logstash.domain paths: - path: /beats servicePort: 5044 - path: /http servicePort: 8080
On the assorted beats, I'm having trouble getting it to send the data to logstash. It should be emphasized that there is an nginx instance in the middle that is receiving the initial request on port 443 and forwarding it to the kubernetes cluster, and I do not have any info on the configuration of that instance at this time.
This is the configuration of the output on the beats:
output.logstash: hosts: - "logstash.domain:443" protocol: "https" ssl.enabled: true ssl.verification_mode: none ssl.certificate_authorities: ["REDACTED"] ssl.certificate: "REDACTED" ssl.key: "REDACTED" username: "REDACTED" password: "REDACTED"
This appears to result in the information flowing to the logstash ingress but then it seems to be discarded (my assumption is because it is not pointed to
logstash.domain:443/beats like the ingress definition is expecting, but when I attempt to configure it that way I get a name resolution error.
Is my above thought correct? If so, I can work with the appropriate individual(s) to add DNS entries.