Hi, I'm running Filebeat on a EC2 machine as a docker container and configured to get logs from a Jenkins container, the Elasticsearch server is on another EC2 machine behind a reverse proxy (nginx), I can curl to the Elasticsearch using the URL or IP from the Filebeat machine, this is my filebeat.yml
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/jenkins_home/logs/*.log.*
multiline.pattern: '^[A-Z]{1}[a-z]{2} {1,2}[0-9]{1,2}, [0-9]{4} {1,2}[0-9]{1,2}:[0-9]{2}:[0-9]{2}'
multiline.negate: true
multiline.match: after
output.elasticsearch:
hosts: ["http://xxxxx.xxxxx.com/elastic"]
username: elastic
password: somepassword
timeout: 120
path: "/elastic"
proxy_url: http://xxxxxx.xxxxx.com
I don't know how to configure the host field, should I use the URL or IP, or what/how to specify in the proxy_url field, right now my elastic is reachable from:
URL
http://xxxxx.xxxxx.com/elastic
http://xxxxx.xxxxx.com/9200
IP
http://xx.xxx.xxx.xxx/elastic
http://xx.xxx.xxx.xxx/9200
This is the error I'm getting in the logs from Filebeat:
ERROR pipeline/output.go:100 Failed to connect to backoff(elasticsearch(http://xx.xxx.xxx.xxx:9200/elastic)): Get http://xx.xxx.xxx.xxx:9200/elastic: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)