I am struggling so badly with this issue. I am trying to use filebeat to send logs to logstash and I get this kind of error:
2018-02-10T04:27:51.356+0100 INFO [monitoring] log/log.go:124 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":5550,"time":5554},"total":{"ticks":14330,"time":14334,"value":14330},"user":{"ticks":8780,"time":8780}},"info":{"ephemeral_id":"8fe71630-faed-4$
2018-02-10T04:28:21.355+0100 INFO [monitoring] log/log.go:124 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":5550,"time":5557},"total":{"ticks":14350,"time":14360,"value":14350},"user":{"ticks":8800,"time":8803}},"info":{"ephemeral_id":"8fe71630-faed-4$
2018-02-10T04:28:28.014+0100 ERROR pipeline/output.go:74 Failed to connect: dial tcp 192.162.71.162:5044: getsockopt: connection timed out
I have 3 servers. One hosts ELS and LS, and two others are clients. One of the clients is sending logs correctly and another does not.
The difference between both clients is that the one working fine runs on Debian 9 whereas the failing one runs on Centos 7. LS and ELS are hosted on Debian 8
Filebeat config on both clients:
output.logstash:
# The Logstash hosts
hosts: ["myserverip:5044"]
LS config:
input {
beats {
port => 5044
ssl => false
ssl_certificate => "/etc/ssl/logstash/logstash.crt"
ssl_key => "/etc/ssl/logstash/logstash.key"
}
}
output {
elasticsearch {
hosts => localhost
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
geoip {
source => "clientip"
}
}
No SSL, all ELS, LS and FB are latest versions: 6.x
Any help?