Filebeat kept reporting "read: connection reset by peer" error

I am new to ELK, and I have:

  • Elasticsearch 5.3.0
  • Kibana 5.3.0
  • Logstash 1:5.3.0
  • Filebeat 5.3.0

filebeat.yml

filebeat:
  prospectors:
    -
      paths:
        - /${BASEPATH}/nginx-logs/*.log

      input_type: log

      document_type: nginx-access
      #harvester_limit: 500
      #close_eof: true
      #ignore_older: 1h

  registry_file: /var/lib/filebeat/registry

output:
  logstash:
    hosts: ["${Logstash_Server}:5044"]
    bulk_max_size: 1024

    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]

shipper:

logging:
  logging.level: warning
  logging.to_files: true
  logging.to_syslog: false
  logging.files:
    path: /var/log/mybeat
    name: mybeat.log
    keepfiles: 7

logstash/conf.d/02-beats-input.conf

input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}

logstash/conf.d/11-nginx-filter.conf

filter {
  if [type] == "nginx-access" {
    grok {
      match => { "message" => "%{NGINXACCESS}" }
      overwrite => ["message"]
    }
  }
}

And I'm getting this error message:

2017-04-12T20:08:30+08:00 INFO No non-zero metrics in the last 30s
2017-04-12T20:08:47+08:00 ERR Failed to publish events caused by: read tcp 10.0.3.200:48134->10.0.6.35:5044: read: connection reset by peer
2017-04-12T20:08:47+08:00 INFO Error publishing events (retrying): read tcp 10.0.3.200:48134->10.0.6.35:5044: read: connection reset by peer
2017-04-12T20:09:00+08:00 INFO Non-zero metrics in the last 30s: libbeat.logstash.call_count.PublishEvents=1 libbeat.logstash.publish.read_errors=1 libbeat.logstash.publish.write_bytes=419 libbeat.logstash.published_but_not_acked_events=1024

Any ideas?


In your Filebeat configuration try changing tls to ssl. See the list of breaking changes between 1.x and 5.x.


Thanks, after changing tls to ssl it works.
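
A lint check for the rename suggested in the answer above, as an added example that is not part of the original thread or of Filebeat: it flags a 1.x-style `tls` key under `output` in a Beats config and rewrites it to `ssl`. The function names are hypothetical, the sample is constructed from the question's `output` section, and the indentation-based scan is a simplification, not a full YAML parser.

```python
import re

# Constructed sample: the output section from the question's filebeat.yml.
SAMPLE = """\
output:
  logstash:
    hosts: ["${Logstash_Server}:5044"]
    bulk_max_size: 1024

    tls:
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
"""

# A mapping key at the start of a line: indentation, key name, colon.
KEY_RE = re.compile(r"^(\s*)([A-Za-z0-9_.]+):")


def find_legacy_tls(text):
    """Return (line_no, dotted_path) for each `tls` key nested under `output`."""
    stack = []  # (indent, key) of the mappings enclosing the current line
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no keys
        m = KEY_RE.match(line)
        if not m:
            continue  # list items ("- ...") are skipped in this simplified scan
        indent, key = len(m.group(1)), m.group(2)
        # Leave every mapping that is not a parent of this line.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        # Splitting on "." also covers flat keys such as `output.logstash.tls:`.
        parts = ".".join(k for _, k in stack).split(".")
        if parts[0] == "output" and parts[-1] == "tls":
            hits.append((no, ".".join(parts)))
    return hits


def rename_tls_to_ssl(text):
    """Rewrite only the flagged key lines; values containing 'tls' stay untouched."""
    lines = text.splitlines()
    for no, _ in find_legacy_tls(text):
        lines[no - 1] = re.sub(r"tls:", "ssl:", lines[no - 1], count=1)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for no, path in find_legacy_tls(SAMPLE):
        print(f"line {no}: {path} uses the 1.x name; rename the key to ssl")
    print(rename_tls_to_ssl(SAMPLE))
```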
