ElasticSearch Cluster: Logstash works, but does not show up on kibana dashboard

Elastic Stack Logstash
,
1

Hi,
I'm creating a cluster with elasticsearch (2 elastic nodes and a kibana/logstash/filebeat node).

Logstash "apparently" seems to work because filebeat sends the data to logstash and consequently logstash sends them to elastic that stores them correctly. However I don't see logstash monitoring on Kibana. Could you help me understand this?

Docker Compose

version: '3.3'
...

  es01:
    depends_on:
      - setup
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - /mnt/certs:/usr/share/elasticsearch/config/certs
      - esdata01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
      - 9300:9300
    environment:
      - node.name=es01
      - cluster.name=${CLUSTER_NAME}
      #- cluster.initial_master_nodes=["es01", "es02"]
      - cluster.initial_master_nodes=["es01", "es02"]
      #- node.roles=[master]
      #- discovery.seed_hosts=["x.x.x.x:9300","y.y.y.y:9301"]
      - discovery.seed_hosts=["x.x.x.x:9300", "y.y.y.y:9301"]
      - network.publish_host=x.x.x.x
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - network.host=0.0.0.0
      - http.host=0.0.0.0
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es01/es01.key
      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es01/es01.key
      - xpack.security.transport.ssl.certificate=certs/es01/es01.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
      - transport.port=9300
      - http.port=9200
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "50"
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120  
    deploy:
      mode: global
      placement:
        constraints: [node.hostname == elastic-01]
  es02:
    depends_on:
      - es01
    image: docker.elastic.co/elasticsearch/elasticsearch:${STACK_VERSION}
    volumes:
      - /mnt/certs:/usr/share/elasticsearch/config/certs
      - esdata02:/usr/share/elasticsearch/data
    ports:
      - 9201:9201
      - 9301:9301
    environment:
      - node.name=es02
      - cluster.name=${CLUSTER_NAME}
      #- cluster.initial_master_nodes=["es01", "es02"]
      - cluster.initial_master_nodes=["es02", "es01"]
      #- node.roles=[master]
      #- discovery.seed_hosts=["x.x.x.x:9300","y.y.y.y:9301"]
      - discovery.seed_hosts=["y.y.y.y:9301", "x.x.x.x:9300"]
      - network.publish_host=y.y.y.y
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - network.host=0.0.0.0
      - http.host=0.0.0.0
      - bootstrap.memory_lock=true
      - xpack.security.enabled=true
      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.key=certs/es02/es02.key
      - xpack.security.http.ssl.certificate=certs/es02/es02.crt
      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.key=certs/es02/es02.key
      - xpack.security.transport.ssl.certificate=certs/es02/es02.crt
      - xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.license.self_generated.type=${LICENSE}
      - transport.port=9301
      - http.port=9201
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "50"
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9201 | grep -q 'missing authentication credentials'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120  
    deploy:
      mode: global
      placement:
        constraints: [node.hostname == elastic-02]

  kibana:
    depends_on:
      - es01
      - es02
    image: docker.elastic.co/kibana/kibana:${STACK_VERSION}
    volumes:
      - /mnt/certs:/usr/share/kibana/config/certs
      - kibanadata:/usr/share/kibana/data
    ports:
      - ${KIBANA_PORT}:5601
    environment:
      - SERVERNAME=kibana
      - ELASTICSEARCH_HOSTS=["https://x.x.x.x:9200","https://y.y.y.y:9201"]
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt

    ulimits:
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
        ]
      interval: 10s
      timeout: 10s
      retries: 120
    links:
      - es01:es01
      - es02:es02
    deploy:
      mode: global
      placement:
        constraints: [node.hostname == kibana-01]
        
  logstash:
    image: docker.elastic.co/logstash/logstash:${STACK_VERSION}
    depends_on:
      - es01
      - es02
      - kibana
    ulimits:
      memlock:
        soft: -1
        hard: -1
    user: root
    volumes:
      - /mnt/certs:/usr/share/logstash/certs
      - logstashdata01:/usr/share/logstash/data
      - /opt/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
      - /opt/logstash/logstash_ingest_data/:/usr/share/logstash/ingest_data/
      - /opt/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro,Z
    ports:
      - 5044:5044
    stdin_open: true
    tty: true
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "50"
    links:
      - es01:es01
      - es02:es02
    deploy:
      mode: global
      placement:
        constraints: [node.hostname == kibana-01]
        
  filebeat:
    user: root
    container_name: filebeat
    image: docker.elastic.co/beats/filebeat:8.15.1
    links:
      - logstash:logstash
    depends_on:
      - logstash
    volumes:
      - /var/run/docker.sock:/host_docker/docker.sock
      - /var/lib/docker:/host_docker/var/lib/docker
      - /opt/tmp/mylog:/usr/share/filebeat/mylog
      - /opt/tmp/filebeat.yml:/usr/share/filebeat/filebeat.yml
    command: ["--strict.perms=false"]
    ulimits:
      memlock:
        soft: -1
        hard: -1
    stdin_open: true
    tty: true
    deploy:
      mode: global
      placement:
        constraints: [node.hostname == kibana-01]
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "50"

volumes:
  esdata01:
  esdata02:
  kibanadata:
  logstashdata01:

Logstash.conf

input {
  beats {
    port => 5044
  }
}

filter {
}


output {
  elasticsearch {
    hosts=> ["https://x.x.x.x:9200", "https://y.y.y.y:9201"]
    user=> "elastic"
    password=> "changeme"
    ssl_certificate_authorities=> "certs/ca/ca.crt"
    ssl_enabled => true
    index => "logstash-%{+YYYY.MM.dd}"
  }
}

Logstash.yml

http.host: 0.0.0.0
node.name: logstash

immagine
immagine3420×1334 322 KB

Thanks for your availability