Architecture setup:
logstash : logstash-6.4.0-1.noarch (installed on RHEL7.5)
filebeat : filebeat version 6.4.0 (installed on Windows 2016 (64 bit OS))
elasticsearch : elasticsearch-oss-6.4.0-1.noarch (installed on RHEL7.5)
The issue is that filebeat does not connect to logstash or elasticsearch, despite telnet (port 5044) being enabled from the remote host to the ES server.
Please find below the configurations of filebeat and logstash.
filebeat.yml
```yaml
#=========================== Filebeat inputs =============================

filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    #- /var/log/*.log
    - E:\vrautu_logs\sample_logs\logs

#============================= Filebeat modules ===============================

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # Period on which files under path should be checked for changes
  #reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false

#============================== Dashboards =====================================
# These settings control loading the sample dashboards to the Kibana index. Loading
# the dashboards is disabled by default and can be enabled either by setting the
# options here, or by using the `-setup` CLI flag or the `setup` command.
#setup.dashboards.enabled: false

# The URL from where to download the dashboards archive. By default this URL
# has a value which is computed based on the Beat name and version. For released
# versions, this URL points to the dashboard archive on the artifacts.elastic.co
# website.
#setup.dashboards.url:

#================================ Outputs =====================================

# Configure what output to use when sending the data collected by the beat.

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.

#----------------------------- Logstash output --------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["https://10.33.X.X:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  ssl.certificate_authorities: ['E:\logstash\logstash.cer']

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: error, warning, info, debug
logging.level: debug

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]
```