Hello, i have been looking into the issue between filebeat and logstash for days now and have unfortunately gotten nowhere. Namely the configuration we have is as following:
- Test Environment (firewall and SELinux disabled)
- Everything is running on Centos7 (1 Server with filebeat 2x Server with logstash sending to an Elasticsearch cluster with 2 nodes, one being a master node)
- Pipeline as follows Filebeat => Logstash => Elasticsearch
filebeat.yml configuration
#----------------------------- Logstash output --------------------------------
output.logstash:The Logstash hosts
hosts: ["10.226.95.10:5044","10.226.95.13:5045"]
loadbalance: trueOptional SSL. By default is off.
List of root certificates for HTTPS server verifications
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
Certificate for SSL client authentication
#ssl.certificate: "/etc/pki/client/cert.pem"
Client Certificate Key
#ssl.key: "/etc/pki/client/cert.key"
logstash.conf file
input {
beats {
port => 5044
client_inactivity_timeout => 86400
}}
output {
elasticsearch {
hosts => ["http://10.226.95.10:9200"] index => "%{[@metadata][beat]}-%{[@metadata][version]-%{+YYYY.MM.dd}"
}
once filebeat is started with stdout (filebeat -e) dashboards and templates have been loaded in kibana, the following is message is received:
Connecting to backoff(async(tcp://10.226.95.10:5044))
Connecting to backoff(async(tcp://10.226.95.13:5045))
Connection to backoff(async(tcp://10.226.95.10:5044)) established
Failed to publish events caused by: read tcp 10.226.95.12:53112->10.226.95.10:5044: read: connection reset by peer
Failed to publish events caused by: read tcp 10.226.95.12:53112->10.226.95.10:5044: read: connection reset by peer
Failed to publish events caused by: client is not connected
Failed to connect to backoff(async(tcp://10.226.95.13:5045)): dial tcp 10.226.95.13:5045: connect: connection refused
Attempting to reconnect to backoff(async(tcp://10.226.95.13:5045)) with 1 reconnect attempt(s)
Failed to publish events: client is not connected
Connecting to backoff(async(tcp://10.226.95.10:5044))
Failed to connect to backoff(async(tcp://10.226.95.13:5045)): dial tcp 10.226.95.13:5045: connect: connection refused
Attempting to reconnect to backoff(async(tcp://10.226.95.13:5045)) with 2 reconnect attempt(s)
Failed to connect to backoff(async(tcp://10.226.95.10:5044)): dial tcp 10.226.95.10:5044: connect: connection refused
Attempting to reconnect to backoff(async(tcp://10.226.95.10:5044)) with 1 reconnect attempt(s)
I have found that the loadbalance:true setting might be the most likely culprit, as once removed and only one logstash is set as an output filebeat can and sucessfully connects to either of the nodes set, but as soon as a second one is added and loadballance turned on the error returns.
Additionally i have attempted using the options for worker: and have set the timeout to from 60, 3000 and finally 86400 none made a difference.
Any help will be more than appreciated.