ELK stack set up - Filebeat setup failing

Hello - I'm new to this, just getting started installing the ELK stack on Ubuntu 20.04. Everything is running on that one server for now (though eventually we will want to look at a production version with a cluster, but for now this is fine). I'm following a tutorial:

Everything has been ok, up until this:

root@snipe:~# sudo filebeat setup --pipelines --modules system
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://localhost:5044: Get http://localhost:5044: read tcp 127.0.0.1:43464->127.0.0.1:5044: read: connection reset by peer]

As per the instructions I had already edited /etc/filebeat/filebeat.yml
I commented out:

#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

And uncommented

output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]

But still the error message. Any idea what I may have missed? Or where I should look?

Thank you, any help much appreciated!

Guy

Because you are passing in --pipelines it needs to connect to Elasticsearch to load the ingest pipelines, but you've commented that part out.

It might be easier if you follow https://www.elastic.co/guide/en/beats/filebeat/7.10/filebeat-installation-configuration.html
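A preflight check for the situation described above, as an added example that is not part of the original posts: it reads a filebeat.yml, reports which top-level output is enabled, and prints the `filebeat setup --pipelines` invocation that will reach Elasticsearch. The function names, the constructed sample config, and the default Elasticsearch address `localhost:9200` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: decide how to run `filebeat setup --pipelines` for a given config.

# Print the top-level output.* sections that are enabled (not commented out).
active_outputs() {
    grep -E '^output\.[a-z]+:' "$1" | sed -E 's/^output\.([a-z]+):.*/\1/'
}

# Print the setup command that can reach Elasticsearch for this config.
# $1 = path to filebeat.yml, $2 = Elasticsearch host:port (assumed default).
pipeline_setup_cmd() {
    cfg=$1
    es_host=${2:-localhost:9200}
    if active_outputs "$cfg" | grep -qx elasticsearch; then
        # Elasticsearch output is enabled, so setup can load the pipelines directly.
        echo "filebeat setup --pipelines --modules system"
    else
        # Logstash-only config: override the output for this one run with -E,
        # leaving filebeat.yml untouched.
        echo "filebeat setup --pipelines --modules system -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=[\"$es_host\"]'"
    fi
}

# Constructed sample matching the edited config from the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]
output.logstash:
  # The Logstash hosts
  hosts: ["localhost:5044"]
EOF
echo "enabled outputs: $(active_outputs "$sample")"
pipeline_setup_cmd "$sample"
rm -f "$sample"
```

The `-E` overrides apply only to that single `setup` run, so events still ship to Logstash on 5044 afterwards.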

Okay thank you I'll try those instructions (should have known I'd be better off with the docs than random tutorials!)

DO can be good, but that one looks a little heavy, there's no need to use nginx, e.g., as we include free access control in Elasticsearch/Kibana :)

Ah really?! Access control was something that I was a bit concerned about - is that a new(ish) thing? I'll dig around the docs for that stuff.

Oh and it's working now - as you said, once I re-enabled elasticsearch as an output I could run that command, then I could follow on with the rest of the tutorial - thank you!

It's been free for over a year now! :)
