Hi
i tried to setup filebeat 7 in my client server..
log message shows:
May 22 22:50:06 beat filebeat: 2019-05-22T22:50:06.108+0800#011ERROR#011pipeline/output.go:100#011Failed to connect to backoff(async(tcp://192.168.136.164:5044)): dial tcp 192.168.136.x:5044: connect: connection refused
May 22 22:50:06 beat filebeat: 2019-05-22T22:50:06.109+0800#011INFO#011pipeline/output.go:93#011Attempting to reconnect to backoff(async(tcp://192.168.136.x:5044)) with 3 reconnect attempt(s)
i tried telnet , doesnt work...
filebeat.yml file:
filebeat.inputs:
Each - is an input. Most options can be set at the input level, so
you can use different inputs for various configurations.
Below are the input specific configurations.
-
type: log
Change to true to enable this input configuration.
enabled: true
Paths that should be crawled and fetched. Glob based paths.
paths:
- /var/log/messages
#- /var/log/*.log
#----------------------------- Logstash output --------------------------------
output.logstash:
The Logstash hosts
hosts: ["192.168.136.164:5044"]
ssl.certificate_authorities: ["/etc/ssl/certs/logstash-forwarder.crt"] - /var/log/messages
checked on logstash server - couldnt see any logs over there... but logstash service is running.
from logstash server i tried to connect telnet to es server, it works.
logstash.conf file:
input {
beats {
port => 5044
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGLINE}" }
}
date {
match => [ "timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
}
output {
elasticsearch {
hosts => ["http://192.168.136.159:9200" , "http://192.168.136.160:9200"]
user => "elastic"
password => "elastic"
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}
}
can help me to guide me , where i make mistake...
Thanks
Harry