Can I change default port of Filebeat "5044" to someother port

priya94 · August 28, 2019, 6:23am

Hi All,
I am new to ELK
I am trying to run multiple filebeat instances on same machine to send different logs to logstash,then i am sending the logs to elasticserach with different index name.

But Logstash is not recognizing different filebeat input,So i want to change my default port of each flebeat,so that i can configure input beat as different port.

Can anyone please tell a way to change the port of filebeat,
else let me know someother approach to achieve this.

Thanks and Regards,
VishnuPriya

Christian_Dahlqvist · August 28, 2019, 6:53am

Can you not just add a field to the Filebeat config and use that to identify data?

priya94 · August 28, 2019, 7:04am

Thanks for replying Christian_Dahlqvist,

This is my filebeat input,Where i should configure extra field,

#=========================== Filebeat inputs
filebeat.inputs:

type: log
enabled: True
paths:
- /var/century/logs/*.out

#================================ Outputs ========
output.logstash:
enabled: true
hosts: ["XX.XX.XX.XX:5044"]

And if I am configuring extra field how can i filter that in logstash,below is my logstash configuration,

input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200"]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "cmlogs"
document_type => "cmlogs"
}
stdout
{
codec =>rubydebug
}
}

priya94 · August 28, 2019, 7:07am

Other filebeat is having the same configuration, only the log path is differs

priya94 · August 28, 2019, 9:35am

Thanks Christian_Dahlqvist for your support,I tried using Fields in filebeat.It worked for me,

Below is the configuration which worked for me,

Filebeat 1:
------Filebeat inputs ----------

filebeat.inputs:

type: log
enabled: True
paths:
- /var/century/cmui/logs/*.out
  fields: {log_type: cm}
  ---- Logstash output -----
  output.logstash:
  enabled: true
  hosts: ["XX.XX.XX.XX:5044"]

Filebeat 2:
------Filebeat inputs ----------

filebeat.inputs:

type: log
enabled: True
paths:
- /var/century/centuryui/logs/*.out
  fields: {log_type: century}
  ---- Logstash output -----
  output.logstash:
  enabled: true
  hosts: ["XX.XX.XX.XX:5044"]

LOGSTASH CONFIGURATION

input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200"]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "%{[fields][log_type]}-logs"
}
stdout
{
codec =>rubydebug
}
}

My logs are created intwo different index named cm-logs and century-logs.

Topic		Replies	Views
Filebeat configuration Beats filebeat	1	304	November 15, 2021
Logstash change port Logstash	9	4701	November 8, 2021
Multiple Filebeat Inputs to different Logstash ports Beats filebeat	3	2758	May 2, 2020
I have two Machine, one has elastic, Logstash and kibana and other pc has filebeat, in one PC ELK stack is up and when i start filebeat to send log to logstasg it is not able to send Beats	3	623	December 25, 2019
Logstash and filebeat configuration for ports Logstash	5	4288	September 20, 2018

Can I change default port of Filebeat "5044" to someother port

Related topics