I have simplest configuration
I have follwoing on system where log is being shipped from
cat filebeat.yml |grep -v '#' |sed '/^$/d'
filebeat.inputs:
type: log
enabled: true
paths:
/tmp/sensors*.log
scan_frequency: 10s
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.logstash:
hosts: ["elktst01:5044"]
console:
pretty: true
logging.level: debug
I have following on logstash config file.
cat beats.conf |grep -v '#' | sed '/^$/d'
input {
beats {
port => "5044"
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
But nothing is showing up on logstash output.
no output at all.
filebeat says it is harvesting file. but nothing on other side
Both machines are in in same network, both on linux system. no one has firewall setup.
I know I must be missing some tiny stuff somewhere.
This is not working from week now.
I can telnet elktst01 5044 from system where filebeat is running
Badger
February 15, 2019, 7:52pm
2
Your configuration is unreadable. Please edit your post, select the text of the configuration and click on </> in the toolbar above the editing pane.
elasticforme:
cat filebeat.yml |grep -v '#' |sed '/^$/d'
filebeat.inputs:
type: log
enabled: true
paths:
/tmp/sensors*.log
scan_frequency: 10s
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.logstash:
hosts: ["elktst01:5044"]
console:
pretty: true
logging.level: debug
I have following on logstash config file.
cat beats.conf |grep -v '#' | sed '/^$/d'
input {
beats {
port => "5044"
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
indent preformatted text by 4 spaces
Badger
February 15, 2019, 7:59pm
5
No. Looks like you quoted it rather than using blockquote (i.e. </>).
Blockquote
cat filebeat.yml |grep -v '#' |sed '/^$/d'
filebeat.inputs:
-type: log
enabled: true
paths:
/tmp/sensors*.log
scan_frequency: 10s
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
output.logstash:
hosts: ["elktst01:5044"]
console:
pretty: true
logging.level: debug
I have following on logstash config file.
cat beats.conf |grep -v '#' | sed '/^$/d'
input {
beats {
port => "5044"
}
}
filter {
}
output {
stdout { codec => rubydebug }
}
ok used blockquote. lets see if you can read. it. Since day one I have not figure out how to cut paste with proper formatting on this site.
I don't like output on logstash server
Starting input listener {:address=>"0.0.0.0:5044"}
why it is starting tcp port on 0.0.0.0 I need that on ip address. may be that is the problem here
pjanzen
(Paul Janzen)
February 15, 2019, 8:21pm
9
Your config is saying "listen to all available ips"
input {
beats {
port => "5044"
}
}
If you add the host parameter you can specify an ip.
input {
beats {
host => "<you logstash host ip address>"
port => "5044"
}
}
after restarting logstash, you will see listening on the specified ip.
Paul.
perefect now it is working.
basically I had to do two thing. add host => "hostname" in to logstash conf file
and add IP address in to filebeat.yml
netstat -pan |grep LISTEN |grep 5044 ( now shows up ip_addr:5044)
now I am getting my file transfer over.
Thank you all.
Badger
February 15, 2019, 9:04pm
11
I have seen programs that use 0.0.0.0 to mean "all available IPs that are not part of reserved CIDR blocks". I.e., it would not listen on an address in 192.168/16.
system
(system)
Closed
March 15, 2019, 9:12pm
12
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.