Hi,
I have installed ELK Stack in my server and all seems to work fine, but when filebeat (installed on another server) tries to send the log to Logstash, an error appears:
ERROR [logstash] logstash/async.go:280 Failed to publish events caused by: client is not connected
When I try to connect from the client server, where filebeat is installed using telnet XXX.XXX.XXX.XXX 5044 it works fine.
There is probably a mistake in my filebeat config but i can't see it:
filebeat.inputs:
-type: log
paths:
- /var/log/httpd/access_log
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
setup.kibana:
host: "xxx.xxx.xxx.xxx:5601" #ELKServer IP
output.logstash:
hosts: ["xxx.xxx.xxx.xxx:5044"] #ELKServer IP
bulk_max_size: 1024
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_cloud_metadata: ~
- add_docker_metadata: ~
- add_kubernetes_metadata: ~
Filebeat apache module config:
- module: apache
access:
enabled: true
var.paths: ["/var/log/httpd/access_log"]
error:
enabled: false
var.paths: ["/var/log/httpd/error_log"]
Also my logstash configuration:
path.data: /var/lib/logstash
path.logs: /var/log/logstash
http.port: 5044
http.host: 0.0.0.0
And my logstash input / output conf:
input {
beats {
port => 5044
}
}
filter {
if [event][module] == "apache" {
if [fileset][name] == "access" {
grok {
match => ["message" => "%{COMBINEDAPACHELOG}"]
}
}
}
}
output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}"
}
}
I really would appreciate your help. I have been looking for days and I can't find where the issue is.
Thanks in advance.