Filebeat Failed to connect to backoff(async(tcp:logstash:5044

I have set two VMs, one Ubuntu where I've installed ELK and another CentOS where I've installed Filebeat. I want to forward CentOS logs to ELK via filebeat. I have configured all my files correctly (I think) but when I run filebeat to forward logs to Logstash it gives the above error. If I change the output from logstash to Elasticsearch, the filebeat stops working and it gives the error Failed to start Filebeat sends log files to L..........

This is my Logstash COnfiguration in /etc/logstash/logstash.yml file /var/lib/logstash
path.logs: /var/log/logstash

/logstash/conf.d/filebeat.conf file...

input {
  beats {
    port => 5044


filter {


output {

  elasticsearch {

    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "my_elastic_password"

selasticsearch.yml file... /var/lib/elasticsearch
path.logs: /var/log/elasticsearch true true
  enabled: true
  keystore.path: certs/http.p12
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["hilmand-virtual-machine"]

filebeat.yml file...

- type: log
enable: true

- /var/log/*.log

 path: ${path.config}/modules.d/*.yml
reload.enabled: dalse
index.number_of_shards: 1

host: ""



all the ssl certificate related stuff is commented out

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.