ERR Connecting error publishing events

Hello:

I am brand new to this and I have installed the ELK server based on this - https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04

It appears to working fine.

I installed the winlogbeat on a Windows 2008 r2 server and I am attempting to send the event logs to the elk server - here is my config.

winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: Security
  - name: System

#----------------------------- Logstash output --------------------------------
#output.logstash:
  # The Logstash hosts
    hosts: ["10.91.50.100:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: critical, error, warning, info, debug
#logging.level: debug

The error I am getting is -
2017-03-20T12:21:44-04:00 ERR Connecting error publishing events (retrying): Get http://10.91.50.100:5044: EOF

I am not using SSL.

The beat file config is.

input {
  beats {
    port => 5044
  }
}

Any suggestions?

thanks

Wil

The beat is trying to use the elasticsearch output and not the logstash output.

Make sure that you have commented out or removed the elasticsearch configuration block. Then you need to uncomment the logstash output. You still have #output.logstash: in your config file which comments out the logstash config.

Awesome - working now - I missed that thanks.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.