Configuring logstash to listen to Filebeat

agrawalsaurabh · February 15, 2017, 8:49am

Hi,

I have installed Logstash version 5.2.0 and File Beat 5.2.0. Next I configured file beat to send events to logstash.

Next I configured logstash to listen to file beat by the following configuration:

input {
beats {
port => 5044
}
}

output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}

The Elasticsearch document asks to install input beats plugin for logstash. So i executed the following command but it says connection refused.

D:\Softwares\LogMonitoring\logstash-5.2.0\bin>logstash-plugin install logstash-i
nput-beats
ERROR: Something went wrong when installing logstash-input-beats, message: Conne
ction refused - Connection refused

Can someone point to the correct steps to configure logstash to received inputs from file beat?

I am trying to parse the log files from apache and push it to elasticsearch.

Thanks.
Saurabh

guyboertje · February 15, 2017, 10:02am

The beats input is sooooo important in the Elastic Stack it is always shipped with each Logstash release.

bin/logstash-plugin list --verbose logstash-input-beats
logstash-input-beats (3.1.12)


bin/logstash-plugin --help
Usage:
    bin/logstash-plugin [OPTIONS] SUBCOMMAND [ARG] ...

Parameters:
    SUBCOMMAND                    subcommand
    [ARG] ...                     subcommand arguments

Subcommands:
    list                          List all installed Logstash plugins
    install                       Install a Logstash plugin
    remove                        Remove a Logstash plugin
    update                        Update a plugin
    pack                          Package currently installed plugins, Deprecated: Please use prepare-offline-pack instead
    unpack                        Unpack packaged plugins, Deprecated: Please use prepare-offline-pack instead
    generate                      Create the foundation for a new plugin
    uninstall                     Uninstall a plugin. Deprecated: Please use remove instead
    prepare-offline-pack          Create an archive of specified plugins to use for offline installation

Options:
    -h, --help                    print help



$ bin/logstash-plugin list --help
Usage:
    bin/logstash-plugin list [OPTIONS] [PLUGIN]

Parameters:
    [PLUGIN]                      Part of plugin name to search for, leave empty for all plugins

Options:
    --installed                   List only explicitly installed plugins using bin/logstash-plugin install ... (default: false)
    --verbose                     Also show plugin version number (default: false)
    --group NAME                  Filter plugins per group: input, output, filter or codec
    -h, --help                    print help

agrawalsaurabh · February 15, 2017, 10:26am

Thanks a lot for your reply. I just checked and the beats plugin is shipped by default with 5.2.

Thank.
Saurabh

system · March 15, 2017, 10:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.