Error in Filebeat

I am trying to learn how to install & use ELK Stack on Centos7
I have installed JAVA and every thing according to this link

now on my Server every thing is running fine, and when i test
systemctl status logstash
i got this response
logstash.service - LSB: Starts Logstash as a daemon.
Loaded: loaded (/etc/rc.d/init.d/logstash; bad; vendor preset: disabled)
Active: active (exited) since Sat 2017-03-18 15:55:18 EDT; 7min ago
Docs: man:systemd-sysv-generator(8)

Mar 18 15:55:18 systemd[1]: Starting LSB: Starts Logstash as a daemon....
Mar 18 15:55:18 logstash[5774]: logstash started.
Mar 18 15:55:18 systemd[1]: Started LSB: Starts Logstash as a daemon..

ON client machine i install Filebeat and start service but its not sending LOGS, so when i use this command

[root@srv1 ~]# systemctl status filebeat
● filebeat.service - filebeat
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2017-03-18 15:56:03 EDT; 8min ago
Main PID: 1586 (filebeat)
CGroup: /system.slice/filebeat.service
└─1586 /usr/bin/filebeat -c /etc/filebeat/filebeat.yml

Mar 18 15:56:03 systemd[1]: Started filebeat.
Mar 18 15:56:03 systemd[1]: Starting filebeat...
Mar 18 15:56:03 /usr/bin/filebeat[1586]: transport.go:125: SSL client failed to connect with: dial tcp getsockopt: connection refused
[root@srv1 ~]#

even i use insecure: true option in config file as bellow

- /var/log/secure
- /var/log/messages
# - /var/log/*.log

  input_type: log

  document_type: syslog

registry_file: /var/lib/filebeat/registry

hosts: [""]
bulk_max_size: 1024

  #certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
  insecure: true


rotateeverybytes: 10485760 # = 10MB

i also follow this link

and test my connection with this command

curl -v --cacert logstash-forwarder.crt

on both Server and Client i got this error
Failed connect to; Connection refused

when i try to use telnet command from client server
telnet 5044
I got this error
telnet: connect to address Connection refused

also when i check in my server sudo netstat -plnt
I see this output
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0* LISTEN 4521/node
tcp 0 0* LISTEN 1/systemd
tcp 0 0* LISTEN 4750/nginx: master
tcp 0 0* LISTEN 882/sshd
tcp6 0 0 :::111 :::* LISTEN 795/rpcbind
tcp6 0 0 ::1:9200 :::* LISTEN 4369/java
tcp6 0 0 :::* LISTEN 4369/java
tcp6 0 0 ::1:9300 :::* LISTEN 4369/java
tcp6 0 0 :::* LISTEN 4369/java
tcp6 0 0 :::22 :::* LISTEN 882/sshd

how can i fix this issue...
I try my best from 2 days but no Luck...

There definitively seems to be an issue between with the connection between filebeat and LS. Which versions of Filebeat, Logstash, Elasticsearch are you using?

I strongly recommend you to follow the getting started here as it is up-to-date with all the recent changes:


I have this error with my filebeat service status too. But when I edit my logstash configuration file, filebeat is working again. Could you check that and tell me if you have the same issue ?


Please properly format your posts (It's that unreadable, I just skimmed it). Use the </>-button for logs and configurations.

which Logstash and Filebeat version are you using? Do they match the blog-post versions? In 5.0 the SSL/TLS settings must use the ssl namespace, but you're using tls.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.