Filebeat connection error

txisme · November 24, 2016, 11:35am

Hey,

using filebeat 5.0 for the first time. Using filebeat.yml that i used for version 2.4 but it s not working

filebeatlog:

2016-11-24T11:24:40Z INFO Starting prospector of type: log
2016-11-24T11:24:40Z INFO Starting prospector of type: log
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/Heap_Logs/controller
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/Heap_Logs/im
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/GC_Logs/topo-gc.log.0.current
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/Heap_Logs/logm
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/GC_Logs/controller-gc.log.0.current
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/Heap_Logs/ndm
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/GC_Logs/im-gc.log.0.current
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/Heap_Logs/pce
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/GC_Logs/logm-gc.log.0.current
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/Heap_Logs/slam
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/GC_Logs/ndm-gc.log.0.current
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/Heap_Logs/topo
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/GC_Logs/pce-gc.log.0.current
2016-11-24T11:24:40Z INFO Harvester started for file: /coriant/sdn/logs/tc/GC_Logs/slam-gc.log.0.current
2016-11-24T11:24:40Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:24:41Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:24:44Z ERR Failed to publish events caused by: EOF
2016-11-24T11:24:44Z INFO Error publishing events (retrying): EOF
2016-11-24T11:24:48Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:24:56Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:25:10Z INFO Non-zero metrics in the last 30s: libbeat.logstash.published_but_not_acked_events=2033 libbeat.logstash.call_count.PublishEvents=1 libbeat.publisher.published_events=2033 filebeat.harvester.running=15 filebeat.harvester.started=15 libbeat.logstash.publish.read_errors=1 filebeat.harvester.open_files=15 libbeat.logstash.publish.write_bytes=935
2016-11-24T11:25:12Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:25:40Z INFO No non-zero metrics in the last 30s
2016-11-24T11:25:44Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:26:10Z INFO No non-zero metrics in the last 30s
2016-11-24T11:26:40Z INFO No non-zero metrics in the last 30s
2016-11-24T11:26:44Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:27:10Z INFO No non-zero metrics in the last 30s
2016-11-24T11:27:40Z INFO No non-zero metrics in the last 30s
2016-11-24T11:27:44Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:28:10Z INFO No non-zero metrics in the last 30s
2016-11-24T11:28:40Z INFO No non-zero metrics in the last 30s
2016-11-24T11:28:44Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused
2016-11-24T11:29:10Z INFO No non-zero metrics in the last 30s
2016-11-24T11:29:40Z INFO No non-zero metrics in the last 30s
2016-11-24T11:29:44Z ERR Connecting error publishing events (retrying): dial tcp 10.46.161.212:5044: getsockopt: connection refused

and this is my filebeat.yml ouput part:

  logstash:
    # The Logstash hosts
    hosts: ["ptlisvlsdn033.dci.co-int.net:5044"]

Is this maybe a proxy problem? it shouldnt be as both machines are in the same local network.

txisme · November 24, 2016, 1:10pm

using new simpler filebeat.yml and still same log errors.

here is logstash logs:

[2016-11-24T13:05:56,502][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"]}
[2016-11-24T13:05:56,510][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>["http://localhost:9200"]}}
[2016-11-24T13:05:56,512][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2016-11-24T13:05:56,526][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2016-11-24T13:05:56,534][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"]}
[2016-11-24T13:05:56,545][INFO ][logstash.outputs.elasticsearch] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>["http://localhost:9200"]}}
[2016-11-24T13:05:56,546][INFO ][logstash.outputs.elasticsearch] Using mapping template from {:path=>nil}
[2016-11-24T13:05:56,560][INFO ][logstash.outputs.elasticsearch] Attempting to install template {:manage_template=>{"template"=>"logstash-*", "version"=>50001, "settings"=>{"index.refresh_interval"=>"5s"}, "mappings"=>{"_default_"=>{"_all"=>{"enabled"=>true, "norms"=>false}, "dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword"}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date", "include_in_all"=>false}, "@version"=>{"type"=>"keyword", "include_in_all"=>false}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}}
[2016-11-24T13:05:56,565][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["localhost:9200"]}
[2016-11-24T13:05:56,637][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}

txisme · November 24, 2016, 1:27pm

Metricbeat is working fine sending logs directly to elasticsearch. Does this means that the problem is in Logstash?

ruflin · November 25, 2016, 10:10am

It means there are some connection issues to Logstash. There are already quite a few threads on this on discuss. Have a look at these topics for help: https://discuss.elastic.co/search?q=Failed%20to%20publish%20events%20caused%20by%3A%20EOF If none if these helps, let us know.

system · December 15, 2016, 11:36am

This topic was automatically closed after 21 days. New replies are no longer allowed.