Hi. I have a problem when Beats connecting to Logstash:
2017-04-17T14:53:22-05:00 INFO Harvester started for file: /var/elk/logFile.log 2017-04-17T14:53:22-05:00 ERR Connecting error publishing events (retrying): dial tcp **.***.**.**:5044: getsockopt: connection refused 2017-04-17T14:53:23-05:00 ERR Connecting error publishing events (retrying): dial tcp **.***.**.**:5044: getsockopt: connection refused
I checked Logstash and it worked fine when it was reading files in local directory. I also ran telnet command:
# telnet localhost 5044 Trying ::1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host.
And it's unclear for me if Logstash works as expected or not. Or it's Beats problem. Any ideas?
I tried to forward logs from Beats to Elasticsearch and it worked good.
Providing filebeat.yml file
filebeat.prospectors: - input_type: log paths: - /var/elk/logFile.log registry_file: /var/lib/filebeat/registry output.logstash: hosts: ["myhost:5044"] ssl: certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]