Hi All,
I have installed Elasticsearch and Kibana.
Later I tried Filebeat installed on the same machine; in the SIEM I was getting the details of this host as host information. The communication between the Filebeat service and Elasticsearch and Kibana worked fine since it was on the same machine.
Now I need to get other hosts' details, so I have to install Filebeat on other systems. After installing the “filebeat” service on another machine, my challenge is how they will communicate with Elasticsearch.
For the Kibana service I was able to bind the loopback IP to port 5601, so any machine in my network can talk to Kibana.
But for Elasticsearch, if I change “network.host” to the server IP, it shifts from development mode to production mode, checks the prerequisites for the production environment and fails, so my hosts cannot communicate with the Elasticsearch server IP on port 9200.
Since the hosts cannot communicate with the Elasticsearch service using IP:9200, I was wondering if the hosts' Filebeat can push data to the Kibana service and then Kibana pass it to the Elasticsearch server (Kibana and Elasticsearch are on the same machine).
I would also like to request advice on how I can stay in development mode even after changing “network.host” to the server IP in “/etc/elasticsearch/elasticsearch.yml”.
Thanks
Joseph John
Kibana version:
7.4.1
Elasticsearch version:
7.4.1
APM Server version:
7.4.1
Filebeat version:
7.4.1
APM Agent language and version:
NA