Beats on VMS to Logstash deployed in kubernetes with ingress definition - Beats Config Question

Overview of data flow:

Beats on VMs -→ nginx -→ logstash (ingress definition, see below) -→ elasticsearch

Logstash Ingress Definition:

  enabled: true
  className: "nginx"
  pathtype: ImplementationSpecific
    - host: logstash.domain
        - path: /beats
          servicePort: 5044
        - path: /http
          servicePort: 8080

On the assorted beats, I'm having trouble getting it to send the data to logstash. It should be emphasized that there is an nginx instance in the middle that is receiving the initial request on port 443 and forwarding it to the kubernetes cluster, and I do not have any info on the configuration of that instance at this time.

This is the configuration of the output on the beats:

  - "logstash.domain:443"
  protocol: "https"
  ssl.enabled: true
  ssl.verification_mode: none
  ssl.certificate_authorities: ["REDACTED"]
  ssl.certificate: "REDACTED"
  ssl.key: "REDACTED"
  username: "REDACTED"
  password: "REDACTED"

This appears to result in the information flowing to the logstash ingress but then it seems to be discarded (my assumption is because it is not pointed to logstash.domain:443/beats like the ingress definition is expecting, but when I attempt to configure it that way I get a name resolution error.

Is my above thought correct? If so, I can work with the appropriate individual(s) to add DNS entries.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.