Cannot get winlogbeats to send to logstash

L33T · March 7, 2017, 11:44am

Hi,

Trying to get a new installation up and running but getting the following in my winlogbeats log:

2017-03-07T11:25:46Z ERR Connecting error publishing events (retrying): Get http://192.168.50.181:9200: dial tcp 192.168.50.181:9200: connectex: No connection could be made because the target machine actively refused it.

my configs are:

WinLogBeat:

#----------------------------- Logstash output --------------------------------
#output.logstash:
  # The Logstash hosts
  hosts: ["192.168.50.181:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/cl
  ient/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

Logstash Config:

input {
  beats {
	port => 5044
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}

Regards,

andrewkroh · March 11, 2017, 12:01am

Based on the log message you provided you still have Winlogbeat configured to output to elasticsearch.

Make sure you comment out or completely remove the output.elasticsearch options. And then you need to uncomment the output.logstash line.

system · April 8, 2017, 12:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.