Hi, I am new to ELK Stack.
I am trying to implement it Using Windows (ELK Server ) and Vagrant Unix CentOS VM ( Filebeat Shipper )
For starters, I am trying to ship Unix Syslog to ELK server and see how it works
I have configured the central.conf file for Logstash on my Windows Machine as
input{
beats{
port => 5044
}
}
output{
stdout{ }
elasticsearch{
hosts => ["http://localhost:9200"]
}
}
and Filebeat YAML on Unix (CentOS - 7) is configured as
filebeat:
prospectors:paths:
-"/var/log/*.log"
input_type: log
document_type: beat
registry: "/var/lib/filebeat"
output:
logstash:
hosts: ["127.0.0.1:5044"]
logging:
to_files: true
files:
path: "/var/log/filebeat"
name: filebeat.log
rotateeverybytes: 10485760
level: debug
Elasticsearch and Logstash is running properly on my windows machine
I am facing the following two issues right now,
- When i try to run filebeat shipper on Unix , it gives me the below error
[root@localhost filebeat]# filebeat -e -v -c filebeat.yml -d "*"
2016/05/08 11:07:00.404841 beat.go:135: DBG Initializing output plugins
2016/05/08 11:07:00.404873 geolite.go:24: INFO GeoIP disabled: No paths were set under output.geoip.paths
2016/05/08 11:07:00.404886 publish.go:269: INFO No outputs are defined. Please define one under the output section.
Error Initialising publisher: No outputs are defined. Please define one under the output section.
2016/05/08 11:07:00.404902 beat.go:140: CRIT No outputs are defined. Please define one under the output section.
2 . When i saw Logstash logs , i found out , its trying to listen Beats input on "0.0.0.0:5044" rather than on "127.0.0.1:5044"
{:timestamp=>"2016-05-08T16:36:07.158000+0530", :message=>"Beats inputs: Starting input listener", :address=>"0.0.0.0:5044", :level=>:info}
are these two issues interrelated , how can i resolve them , could someone please help me out and point me in the right direction to get this working.
Really Appreciate any help you could provide.
are these issue'