I am making a mock-up to centralize logs with ELK. I have one server where ELK is installed, one firewall (Stormshield) and one client PC.
With ELK I receive and process the logs sent by the firewall. I also installed Metricbeat on the same server to have more data about outbound and inbound traffic, CPU, etc. It works.
Then, I would like to install Metricbeat on the client PC.
**Below is my Metricbeat configuration (metricbeat.yml):**
```yaml
###################### Metricbeat Configuration Example #######################
# This file is an example configuration file highlighting only the most common
# options. The metricbeat.reference.yml file from the same directory contains all the
# supported options with more comments. You can use it as a reference.
```
For some reason the metricbeat.yml config that you tried to post above didn't come through. Maybe try escaping it between ``` and ``` so it is formatted properly?
Additionally, it would be helpful if you could post any log output from Metricbeat as well.
Finally, please let us know which versions of Metricbeat and Elasticsearch you are using.
In the attachment you will find the Metricbeat configuration, the Elasticsearch configuration and the Metricbeat logs.
I use Elasticsearch version 6.4.2 and Metricbeat version 6.4.2.
The IP address of my ELK server is 192.168.22.200, and my client PC, where Metricbeat is installed, is 192.168.30.100.
I think I found the problem. When I type **netstat -anp | grep 9200** on my ELK server, port 9200 is listening only on the IP address 127.0.0.1.
In the attachment you will find the result of this command (netstat-anp.jpg).
So, I think the problem comes from the config file elasticsearch.yml (maybe the line network.host, idk).
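
The check described in the post above, as an added example that is not part of the thread: a shell function that reads Linux `netstat -anp` output and reports whether a port is bound to loopback only, to specific addresses, or to all interfaces. The function name `bind_scope` and the sample lines are constructed for illustration and are not taken from the attached screenshot.

```shell
#!/usr/bin/env bash
# Added example: classify how a TCP port is bound, reading Linux
# `netstat -anp` (or `netstat -ant`) output on stdin.
# Prints one of: not-listening | loopback-only | specific:<addrs> | all-interfaces
# Live use on the ELK server: netstat -anp | bind_scope 9200
bind_scope() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      addr = $4; p = $4
      sub(/.*:/, "", p)          # text after the last colon = port
      sub(/:[^:]*$/, "", addr)   # text before the last colon = bind address
      if (p != port) next        # exact port match, unlike a plain grep
      if (addr ~ /^127\./ || addr == "::1")                      loopback = 1
      else if (addr == "0.0.0.0" || addr == "::" || addr == "*") any = 1
      else if (!seen[addr]++) specific = specific (specific ? "," : "") addr
    }
    END {
      if (any)           print "all-interfaces"
      else if (specific) print "specific:" specific
      else if (loopback) print "loopback-only"
      else               print "not-listening"
    }'
}

# Constructed sample output. The third line listens on port 19200 and
# must not be counted as port 9200.
SAMPLE_LOOPBACK='tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      1234/java
tcp6       0      0 ::1:9200                :::*                    LISTEN      1234/java
tcp        0      0 0.0.0.0:19200           0.0.0.0:*               LISTEN      999/other'

# Constructed: bound to the server LAN address; the ESTABLISHED line is ignored.
SAMPLE_LAN='tcp6       0      0 192.168.22.200:9200     :::*                    LISTEN      1234/java
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      1234/java
tcp6       0      0 192.168.22.200:9200     192.168.30.100:51234    ESTABLISHED 1234/java'

# Constructed: wildcard bind, reachable on every interface of the host.
SAMPLE_ANY='tcp6       0      0 :::9200                 :::*                    LISTEN      1234/java'

printf '%s\n' "$SAMPLE_LOOPBACK" | bind_scope 9200
printf '%s\n' "$SAMPLE_LAN"      | bind_scope 9200
printf '%s\n' "$SAMPLE_ANY"      | bind_scope 9200
```

A `loopback-only` result means a remote client such as 192.168.30.100 cannot reach the port at all, while `all-interfaces` means the port is reachable from every network the server is attached to, so a specific address plus a firewall rule is the narrower choice.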