Hi All,
Here is the error.
transport] transport/client.go:131 closing
2019-06-13T08:07:06.252Z DEBUG [logstash] logstash/async.go:159 69 events out of 69 events sent to logstash host xxx.xxx..xxx:15044. Continue sending
2019-06-13T08:07:06.252Z DEBUG [logstash] logstash/async.go:116 close connection
2019-06-13T08:07:06.252Z ERROR logstash/async.go:256 Failed to publish events caused by: client is not connected
2019-06-13T08:07:06.252Z DEBUG [logstash] logstash/async.go:116 close connection
2019-06-13T08:07:07.387Z DEBUG [input] input/input.go:152 Run input
2019-06-13T08:07:07.387Z DEBUG [input] log/input.go:187 Start next scan
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:417 Check file for harvesting: /root/testlog/testing.log
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:507 Update existing file for harvesting: /root/testlog/testing.log, offset: 49
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:559 Harvester for file is still running: /root/testlog/testing.log
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:417 Check file for harvesting: /root/testlog/testing.log
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:507 Update existing file for harvesting: /root/testlog/testing.log, offset: 6988
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:559 Harvester for file is still running: /root/testlog/testing.log
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:417 Check file for harvesting: /root/testlog/multipleabc.log
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:507 Update existing file for harvesting: /root/testlog/multipleabc.log, offset: 6988
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:559 Harvester for file is still running: /root/testlog/multipleabc.log
2019-06-13T08:07:07.388Z DEBUG [input] log/input.go:208 input states cleaned up. Before: 3, After: 3, Pending: 0
2019-06-13T08:07:07.900Z ERROR pipeline/output.go:121 Failed to publish events: client is not connected
2019-06-13T08:07:07.900Z INFO pipeline/output.go:95 Connecting to backoff(async(tcp://xxx.xxx.xxx.xxx:15400))
2019-06-13T08:07:07.900Z DEBUG [logstash] logstash/async.go:111 connect
2019-06-13T08:07:08.015Z INFO pipeline/output.go:105 Connection to backoff(async(tcp://xxx.xxx.xxx.xxx:15400)) established
2019-06-13T08:07:08.017Z DEBUG [logstash] logstash/async.go:159 69 events out of 69 events sent to logstash host xxx.xxx.xxx.xxx:15400. Continue sending
2019-06-13T08:07:08.053Z ERROR logstash/async.go:256 Failed to publish events caused by: lumberjack protocol error
2019-06-13T08:07:08.053Z DEBUG [transport] transport/client.go:131 closing
2019-06-13T08:07:08.056Z DEBUG [logstash] logstash/async.go:159 69 events out of 69 events sent to logstash host xxx.xxx.xxx.xxx:15400. Continue sending
2019-06-13T08:07:08.056Z DEBUG [logstash] logstash/async.go:116 close connection
2019-06-13T08:07:08.056Z ERROR logstash/async.go:256 Failed to publish events caused by: client is not connected
2019-06-13T08:07:08.056Z DEBUG [logstash] logstash/async.go:116 close connection
filebeat config:
#----------------------------- Logstash output --------------------------------
output.logstash:
# The Logstash hosts
hosts: ["xxx.xxx.xxx.xxx:15400"]
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/etc/pki/ca_api/client/ca.crt"]
# Certificate for SSL client authentication
ssl.certificate: "/etc/pki/ca_api/client/client.crt"
# Client Certificate Key
ssl.key: "/etc/pki/ca_api/client/client.key"
ssl.key_passphrase: "xxxxxxxx"
Logstash config:
input {
beats {
host => "0.0.0.0"
port => 5044 # which pointer by xxx.xxx.xxx.xxx:15400
}
}
Anyone can help with above issue. Thanks.