Filebeat 5.0 unable to send/publish logs to Logstash 5.0

VIJAYP · November 1, 2016, 6:59pm

Hi,

I am trying to monitor logs using Filebeat 5.0 from same host where ELK 5.0 is configured.

I see i/o timeout errors in /var/log/filebeat/filebeat:

This is happening on some hosts. I did verify the connectivity and it looks ok.

My filebeat.yml is as follows

filebeat.prospectors:
input_type: log
paths:

/var/log/message
document_type: log

filebeat.registry_file: /var/lib/filebeat/registry

output.logstash:
hosts: ["10.50.50.139:5044"]
index: filebeat
bulk_max_size: 2048

Logstash Configurations is as shown below:

I really appreciate all your help.

Thank you.
Vj.

ruflin · November 2, 2016, 8:37am

Why do you use an external IP if filebeat and LS are running on the same host? Do you see the error constantly or only from time to time?

VIJAYP · November 2, 2016, 3:52pm

Hi,

Thanks for your reply.

You are correct. LS and filebeat are running on the same host. I changed the configuration back to localhost:

hosts: ["localhost:5044"]

NOTE: NGINX is installed in same host and it's up and running.

Now, I see the "filebeat-*" index got created in elastic search ( little progress) and able to see some logs in kibana. But this happens only after stopping and starting logstash and filebeat. Every time I restart them I see logs being pushed to Elastic search. Otherwise, nothing happening.

Here's the filebeat Log:

Here's the Logstash Log (logstash-plain.log):

Please let me know if you need any other information related to configuration.

Appreciate all your help.

Best regards
Vj.

ruflin · November 3, 2016, 8:38am

Can you please post your log files as text? Pictures are very hard to read and its not possible to search inside. If the log is too big, paste it into a gist and link it here.

VIJAYP · November 3, 2016, 2:41pm

Hi,

Thanks for your reply.

After spending quite some time and doing multiple trail and errors I finally able to get logstash working.

In my logstash output plugin configuration I have "SNIFFING" set to true even though I don't have Elastic Cluster.

I set "sniffing => false" which fixed the issue.

Thank you
Vj.

system · November 22, 2016, 6:59pm

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
FileBeat not logging from a server but it is from other 6 Beats filebeat	3	945	March 22, 2017
Filebeat Elastic working, but filebeat logstash not working Logstash	6	3217	May 19, 2017
Logs not being sent to filebeats and logstash Beats filebeat	3	255	August 13, 2023
Filebeat connect to Elasticsearch failed Beats filebeat	4	421	June 25, 2020
Filebeat is not sending logs to logstash Logstash	11	12415	July 6, 2017

Filebeat 5.0 unable to send/publish logs to Logstash 5.0

Related Topics