ELK server timing out filebeat from Windows Server

mrojo · July 25, 2018, 5:18pm

Hello, I'm trying to establish connection between a windows box and ELK server, file beat has been successfully installed and running as a service, I'm able to ping and telnet to port 5044, Netstat shows that the connection has been established, but the filebeat.log shows a timeout and the file is not being harvested, any Help will be appreciated

2018-07-23T15:17:30.057-0500 INFO instance/beat.go:468 Home path: [C:\Temp\filebeat-6.2.4-windows-x86_64\filebeat-6.2.4-windows-x86_64] Config path: [C:\Temp\filebeat-6.2.4-windows-x86_64\filebeat-6.2.4-windows-x86_64] Data path: [C:\ProgramData\filebeat] Logs path: [C:\ProgramData\filebeat\logs]
2018-07-23T15:17:30.095-0500 INFO instance/beat.go:475 Beat UUID: 3c86b0a4-785a-47ab-a32b-3891be3794f4
2018-07-23T15:17:30.095-0500 INFO instance/beat.go:213 Setup Beat: filebeat; Version: 6.2.4
2018-07-23T15:17:30.095-0500 INFO pipeline/module.go:76 Beat name: LACMEXVECDB01
2018-07-23T15:17:30.097-0500 INFO instance/beat.go:301 filebeat start running.
2018-07-23T15:17:30.097-0500 INFO [monitoring] log/log.go:97 Starting metrics logging every 30s
2018-07-23T15:17:30.099-0500 INFO registrar/registrar.go:110 Loading registrar data from C:\ProgramData\filebeat\registry
2018-07-23T15:17:30.099-0500 INFO registrar/registrar.go:121 States Loaded from registrar: 0
2018-07-23T15:17:30.099-0500 WARN beater/filebeat.go:261 Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured/enabled. If you have already loaded the Ingest Node pipelines or are using Logstash pipelines, you can ignore this warning.
2018-07-23T15:17:30.099-0500 INFO crawler/crawler.go:48 Loading Prospectors: 1
2018-07-23T15:17:30.100-0500 INFO log/prospector.go:111 Configured paths: [c:\temp\report.log]
2018-07-23T15:17:30.100-0500 INFO crawler/crawler.go:82 Loading and starting Prospectors completed. Enabled prospectors: 1
2018-07-23T15:17:30.100-0500 INFO log/harvester.go:216 Harvester started for file: c:\temp\report.log
2018-07-23T15:18:01.666-0500 ERROR logstash/async.go:235 Failed to publish events caused by: read tcp 10.82.12.27:63729->169.171.164.17:5044: i/o timeout
2018-07-23T15:18:01.670-0500 ERROR logstash/async.go:235 Failed to publish events caused by: client is not connected
2018-07-23T15:18:02.669-0500 ERROR pipeline/output.go:92 Failed to publish events: client is not connected

pierhugues · July 26, 2018, 7:19pm

Hello @mrojo, I have a few questions that will help debug your problem:

What version of Filebeat are you running?
Any errors on the Logstash log?
Is there a load balancer between windows and the Logstash instances?

system · August 23, 2018, 7:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.