Filebeat, challenge for the host to reach elasticsearh server using IP :9200

Joseph_John · October 29, 2019, 8:08am

Hi All,
I have installed elasticsearch, kibana
Later I tried filebeat installed on the same machine, in the SIEM I was getting the details of this host as host information. The communication between the filebeat service and elastisearch and kibana worked fine since it was in the same machine.

Now I need to get other hosts details, I have to install filebeat to other systems, after installing the “filebeat” service in other machine, my challenge is that how they will be communicate with the elasticsearch.

For Kibana service I was able to bind the loopback IP to port 5601, so any machine in my network can talk to kibana
But for Elastisearch,

If I change the “network.host” to the Server IP, it will shift from development mode to production mode, checks the pre requistive for the production enviornment and get fails, So my hosts cannot communicate to the elastisearch server IP with port 9200

Since host cannot communicate with the elasticservice using IP:9200. I was wondering if thehosts filbeat can push data to the kibana service and then kibana pass it to the elasticsearch server (kibana and elastisearch are on the same machine)

Also like to request advice on how can I stay in development mode, even after changing the “network.host” to server IP in “ /etc/elasticsearch/elasticsearch.yml”
Thanks
Joseph John

Kibana version:
7.4.1
Elasticsearch version:
7.4.1
APM Server version:
7.4.1
**filebeat version **
7.4.1
APM Agent language and version:
NA

MiTschMR · October 29, 2019, 11:01am

Hi @Joseph_John

In order to push data to Elasticsearch without using Elasticsearch you would have to use Logstash and configure it accordingly. Following some links that may help you (if you have not already seen them):

These links contain information about the development and production mode, the necessary checks that Elasticsearch does, configurable settings and more. You should be able to set the necessary setting(s), discovery.type: single-node, with these documentations.

Hope this helps.

Joseph_John · October 29, 2019, 11:31am

Thanks
I will refer the docs and check it
will update the progress
thanks
Joseph John

system · November 26, 2019, 11:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat cannot communicate with Kibana Beats filebeat	9	1167	October 29, 2022
Filebeat connect to Elasticsearch failed Beats filebeat	4	422	June 25, 2020
ELK+FileBeat Logstash	4	830	December 29, 2017
Connectivity issues to Elasticsearch via tcp\9200 Elasticsearch	18	13300	August 22, 2019
Filebeat -> logstash -> elastic -> kibana succesfully connected each other .But i dont see any log from filebeat in kibana view. Also index created in elasticsearch when filebeat connected Elasticsearch	1	275	February 11, 2021

Filebeat, challenge for the host to reach elasticsearh server using IP :9200

Related topics