Can I change default port of Filebeat "5044" to someother port

priya94 · August 28, 2019, 6:23am

Hi All,
I am new to ELK
I am trying to run multiple filebeat instances on same machine to send different logs to logstash,then i am sending the logs to elasticserach with different index name.

But Logstash is not recognizing different filebeat input,So i want to change my default port of each flebeat,so that i can configure input beat as different port.

Can anyone please tell a way to change the port of filebeat,
else let me know someother approach to achieve this.

Thanks and Regards,
VishnuPriya

Christian_Dahlqvist · August 28, 2019, 6:53am

Can you not just add a field to the Filebeat config and use that to identify data?

priya94 · August 28, 2019, 7:04am

Thanks for replying Christian_Dahlqvist,

This is my filebeat input,Where i should configure extra field,

#=========================== Filebeat inputs
filebeat.inputs:

type: log
enabled: True
paths:
- /var/century/logs/*.out

#================================ Outputs ========
output.logstash:
enabled: true
hosts: ["XX.XX.XX.XX:5044"]

And if I am configuring extra field how can i filter that in logstash,below is my logstash configuration,

input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200"]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "cmlogs"
document_type => "cmlogs"
}
stdout
{
codec =>rubydebug
}
}

priya94 · August 28, 2019, 7:07am

Other filebeat is having the same configuration, only the log path is differs

priya94 · August 28, 2019, 9:35am

Thanks Christian_Dahlqvist for your support,I tried using Fields in filebeat.It worked for me,

Below is the configuration which worked for me,

Filebeat 1:
------Filebeat inputs ----------

filebeat.inputs:

type: log
enabled: True
paths:
- /var/century/cmui/logs/*.out
  fields: {log_type: cm}
  ---- Logstash output -----
  output.logstash:
  enabled: true
  hosts: ["XX.XX.XX.XX:5044"]

Filebeat 2:
------Filebeat inputs ----------

filebeat.inputs:

type: log
enabled: True
paths:
- /var/century/centuryui/logs/*.out
  fields: {log_type: century}
  ---- Logstash output -----
  output.logstash:
  enabled: true
  hosts: ["XX.XX.XX.XX:5044"]

LOGSTASH CONFIGURATION

input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200"]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "%{[fields][log_type]}-logs"
}
stdout
{
codec =>rubydebug
}
}

My logs are created intwo different index named cm-logs and century-logs.

system · September 25, 2019, 9:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash change port Logstash	9	4220	November 8, 2021
Logstash and filebeat configuration for ports Logstash	5	4046	September 20, 2018
Filebeat and Logstash on two Different servers Logstash	3	794	August 25, 2018
Logstash not listening to 5044 Logstash	3	5024	July 29, 2021
ELK : logstash with 3 different beats inputs on different ports with 3 different indexes Logstash	1	243	July 28, 2020

Can I change default port of Filebeat "5044" to someother port

Related Topics