Filebeat captured log data not making it to LogStash (Errors resulting)


#1

I have set up a new ELK stack using Elasticsearch, Kibana, LogStash, and Filebeat. However, the files that should be picked up by the Filebeat service and transferred over to LogStash are not currently making it there for some reason, so when I go to check Elasticsearch to see if the data made it through (using the HTTP endpoint at: http://elasticsearchsvr:9200/filebeath-*/_serach) it returns hits total = 0. I can't seem to figure out what is wrong.
Any help/advice is appreciated.

Note: The stack is currently set up as:
Elasticsearch, Kibana, and LogStash on 1 server (running Linux Ubuntu Server 14.04)
Filebeat on another server (running Windows OS)

I have set the Filebeat service to log in Debug; please see the following errors I am receiving.

[Filebeat Errors in log]
2017-01-26T09:03:31-06:00 DBG output worker: publish 50 events
2017-01-26T09:03:31-06:00 DBG connect
2017-01-26T09:03:31-06:00 DBG Try to publish 50 events to logstash with window size 10
2017-01-26T09:03:31-06:00 DBG handle error: EOF
2017-01-26T09:03:31-06:00 DBG closing
2017-01-26T09:03:31-06:00 DBG 0 events out of 50 events sent to logstash. Continue sending
2017-01-26T09:03:31-06:00 DBG close connection
2017-01-26T09:03:31-06:00 ERR Failed to publish events caused by: EOF
2017-01-26T09:03:31-06:00 INFO Error publishing events (retrying): EOF
2017-01-26T09:03:31-06:00 DBG close connection
2017-01-26T09:03:31-06:00 DBG send fail
2017-01-26T09:03:32-06:00 DBG connect

[LogStash Log errors]
{:message=>"Connection refused (Connection refused)", :class=>"Manticore::SocketException", .... :level=>:error}


(Steffen Siering) #2

So, Logstash is refusing the connection?

Can you share configs?

Have you tried telnet from windows host to logstash?

