I have set up two VMs: one Ubuntu, where I've installed ELK, and another CentOS, where I've installed Filebeat. I want to forward the CentOS logs to ELK via Filebeat. I have configured all my files correctly (I think), but when I run Filebeat to forward logs to Logstash it gives the above error. If I change the output from Logstash to Elasticsearch, Filebeat stops working and gives the error Failed to start Filebeat sends log files to L..........
This is my Logstash configuration in the /etc/logstash/logstash.yml file:
path.data: /var/lib/logstash
path.logs: /var/log/logstash
/logstash/conf.d/filebeat.conf file...
input {
  beats {
    port => 5044
  }
}
filter {
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    user => "elastic"
    password => "my_elastic_password"
  }
}
elasticsearch.yml file...
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["hilmand-virtual-machine"]
http.host: 0.0.0.0
filebeat.yml file...
filebeat.inputs:
- type: log
  enable: true
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "192.168.254.66:5601"
output.logstash:
  hosts:
    - 192.168.254.66:5044
All the SSL certificate related stuff is commented out.
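
A consistency check over the three files posted above, as an added example that is not part of the original post: it flags a Logstash `elasticsearch` output that uses an `http://` URL while `xpack.security.http.ssl.enabled` is true, and a Filebeat `output.logstash` port that differs from the `beats` input port. The function names and the embedded samples (constructed from the posted lines) are assumptions.

```python
import re

# Constructed samples: the relevant lines of the three files posted above.
ELASTICSEARCH_YML = """\
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
http.host: 0.0.0.0
"""
LOGSTASH_PIPELINE = """\
input { beats { port => 5044 } }
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    user => "elastic"
  }
}
"""
FILEBEAT_YML = """\
output.logstash:
  hosts:
    - 192.168.254.66:5044
"""
INDENTED = r"((?:[ \t]+.*\n?)+)"  # the indented lines under a YAML key

def es_http_tls_enabled(yml):
    """True if xpack.security.http.ssl.enabled is true (nested or dotted key)."""
    if re.search(r"^xpack\.security\.http\.ssl\.enabled:\s*true\b", yml, re.M):
        return True
    block = re.search(r"^xpack\.security\.http\.ssl:\s*\n" + INDENTED, yml, re.M)
    return bool(block and re.search(r"^\s+enabled:\s*true\b", block.group(1), re.M))

def check(es_yml, pipeline, fb_yml):
    """Return findings where one file contradicts another."""
    findings = []
    tls = es_http_tls_enabled(es_yml)
    out = re.search(r"elasticsearch\s*\{.*?hosts\s*=>\s*\[(.*?)\]", pipeline, re.S)
    for url in re.findall(r'"([^"]+)"', out.group(1)) if out else []:
        if tls and url.startswith("http://"):
            findings.append(f"{url}: plaintext URL, but Elasticsearch HTTP TLS is enabled")
    beats = re.search(r"beats\s*\{.*?port\s*=>\s*(\d+)", pipeline, re.S)
    fb = re.search(r"^output\.logstash:\s*\n" + INDENTED, fb_yml, re.M)
    for host, port in re.findall(r"([\w.-]+):(\d+)", fb.group(1)) if fb else []:
        if beats and port != beats.group(1):
            findings.append(f"{host}:{port}: Logstash beats input listens on {beats.group(1)}")
    return findings

if __name__ == "__main__":
    for finding in check(ELASTICSEARCH_YML, LOGSTASH_PIPELINE, FILEBEAT_YML):
        print(finding)
```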