Hello,
I am a university student and my project is on the ELK Stack. I have followed the implementation on your website for Elasticsearch, Kibana and Logstash.
I understood that I have to send the logs from my servers to Logstash via Filebeat, but when I am testing Filebeat to send logs on port 5044, the port is activated but it is not reachable.
Is there any modification I should make so that the ELK stack works properly?
You can see here the pipeline created in /usr/share/logstash:
    input {
      beats {
        port => "5044"
      }
    }
    # The filter part of this file is commented out to indicate that it is
    # optional.
    filter {
    }
    output {
      stdout { codec => rubydebug }
    }
I just created this pipeline to test if Filebeat was working as mentioned in your tutorial.
The configuration of the filebeat.yml:
    #-------------------------- Elasticsearch output ------------------------------
    #output.elasticsearch:
      # Array of hosts to connect to.
      #hosts: ["localhost:9200"]
      # Optional protocol and basic auth credentials.
      #protocol: "https"
      #username: "elastic"
      #password: "changeme"
    #----------------------------- Logstash output --------------------------------
    output.logstash:
      # The Logstash hosts
      hosts: ["localhost:5044"]
      # Optional SSL. By default is off.
      # List of root certificates for HTTPS server verifications
      #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
      # Certificate for SSL client authentication
      #ssl.certificate: "/etc/pki/client/cert.pem"
I deactivated the Elasticsearch output, activated the Logstash output and put the path of the log file that is in your tutorial, and still I don't get any answer.
This is the answer that I am getting:
adel@ubuntu:/usr/share/logstash$ sudo bin/logstash -f first-pipeline.conf --config.reload.automatic
WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[INFO ] 2018-02-25 23:38:06.264 [main] scaffold - Initializing module {:module_name=>"netflow", :directory=>"/usr/share/logstash/modules/netflow/configuration"}
[INFO ] 2018-02-25 23:38:06.674 [main] scaffold - Initializing module {:module_name=>"fb_apache", :directory=>"/usr/share/logstash/modules/fb_apache/configuration"}
[WARN ] 2018-02-25 23:38:09.533 [LogStash::Runner] multilocal - Ignoring the 'pipelines.yml' file because modules or command line options are specified
[INFO ] 2018-02-25 23:38:11.096 [LogStash::Runner] runner - Starting Logstash {"logstash.version"=>"6.2.2"}
[INFO ] 2018-02-25 23:38:13.990 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}
[INFO ] 2018-02-25 23:38:18.013 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22] pipeline - Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50}
[INFO ] 2018-02-25 23:38:20.856 [[main]-pipeline-manager] beats - Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}
[INFO ] 2018-02-25 23:38:21.248 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22] pipeline - Pipeline started succesfully {:pipeline_id=>"main", :thread=>"#<Thread:0x16695b4b@/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:246 sleep>"}
[INFO ] 2018-02-25 23:38:21.461 [[main]<beats] Server - Starting server on port: 5044
[INFO ] 2018-02-25 23:38:21.481 [Ruby-0-Thread-1: /usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:22] agent - Pipelines running {:count=>1, :pipelines=>["main"]}
Thank you
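
An added example, not part of the original post: one way to tell "Logstash announced the Beats listener" apart from "the port accepts connections". It parses the listener line from startup output like the above and classifies a TCP connect to the hosts entry from filebeat.yml. The function names and the sample log string are constructed for illustration.

```python
import re
import socket

# Constructed sample: two startup lines in the format shown in the post.
SAMPLE_LOG = (
    '[INFO ] 2018-02-25 23:38:20.856 [[main]-pipeline-manager] beats - '
    'Beats inputs: Starting input listener {:address=>"0.0.0.0:5044"}\n'
    '[INFO ] 2018-02-25 23:38:21.461 [[main]<beats] Server - '
    'Starting server on port: 5044\n'
)

LISTENER_RE = re.compile(
    r'Beats inputs: Starting input listener \{:address=>"([^":]+):(\d+)"\}'
)

def beats_listeners(log_text):
    """Return (bind_host, port) for each Beats listener announced in the log."""
    return [(host, int(port)) for host, port in LISTENER_RE.findall(log_text)]

def probe(host, port, timeout=2.0):
    """Classify a TCP connect attempt.

    'open'     -> something accepted the connection
    'refused'  -> host answered, nothing is listening on that port
    'filtered' -> timeout or unreachable (firewall, routing, wrong address)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # socket.timeout and unreachable errors land here
        return "filtered"

def check(log_text, hosts_entry):
    """Compare a filebeat.yml hosts entry ("host:port") with the log, then probe it."""
    host, _, port = hosts_entry.rpartition(":")
    port = int(port)
    announced = any(p == port for _, p in beats_listeners(log_text))
    return {"announced": announced, "state": probe(host, port)}

if __name__ == "__main__":
    print(beats_listeners(SAMPLE_LOG))
    # Run on the machine where Filebeat is installed, with its hosts entry.
    print(check(SAMPLE_LOG, "localhost:5044"))
```

A result of announced=True with state "refused" or "filtered" means Logstash bound the port but the address Filebeat dials does not lead to it. The log above also shows the listener bound to 0.0.0.0, so it accepts connections on every interface while the SSL settings in filebeat.yml are still commented out.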