Filebeat -> Logstash Connection ISSUE

Sundaramoorthy_Anand · July 12, 2019, 9:07am

My ELK is in a server of xyzcorp.com of IP 16.xxx.xxx.xxx and filebeat is in xyz.com of IP 16.aaa.aaa.aaa

Both are in different domains but in same intranet umbrella.

In filebeat.yml, I'm enabling the output.logstash

- type: log
  enabled: true

  paths:
    - /path/to/*.log

output.logstash:
      # The Logstash hosts
      hosts: ["16.xxx.xxx.xxx:5044"]

and in logstash.config,

input {
        beats {
                type => beats
                port => 5044
                host => "16.xxx.xxx.xxx"
        }
}

and logstash.yml is unchanged

What is going wrong? I dont know!
Giving the following error:

  2019-07-12T06:57:20.928Z        ERROR   pipeline/output.go:100  Failed to connect to backoff(async(tcp://16.xxx.xxx.xxx:5044)): dial tcp 16.xxx.xxx.xxx:5044: i/o timeout
  2019-07-12T06:57:20.929Z        INFO    pipeline/output.go:93   Attempting to reconnect to backoff(async(tcp://16.xxx.xxx.xxx:5044)) with 2 reconnect attempt(s)

harshbajaj16 · July 12, 2019, 9:33am

Hi @Sundaramoorthy_Anand,

Please check the below following points:
Are you able to do telnet or ping the host??
Are the port open or any rule??

Regards,
Harsh Bajaj

Sundaramoorthy_Anand · July 12, 2019, 10:33am

Yes ping is working and telnet to port 22/23/5044 is giving connection timed out error.

Where to see those port rules? Firewalld service is NOT running in the servers, actually.

harshbajaj16 · July 12, 2019, 11:23am

Hi @Sundaramoorthy_Anand,

Its look like there is some blockage on port. However you said that firewalld is not running.

Sundaramoorthy_Anand · July 12, 2019, 11:28am

Changing it to a different port will give any improvement?

harshbajaj16 · July 12, 2019, 11:31am

Could you please share the telnet command which you are running on your machine.

Actually, we need find the problem first and i don't think so changing port will give any result.

Regards,
Harsh Bajaj

Sundaramoorthy_Anand · July 12, 2019, 11:38am

telnet <ip> 5044
Trying <ip>...
telnet: connect to address <ip>: Connection timed out

I also tried with other ports like 22 and 23 results in same ERROR

harshbajaj16 · July 15, 2019, 4:02am

Hi @Sundaramoorthy_Anand,

There may be some problem or blockage with your firewall setting.

Regards,
Harsh Bajaj

Sundaramoorthy_Anand · July 16, 2019, 6:16am

Any comments on Filebeat and Logstash on different domains but on same data center umbrella?

system · August 13, 2019, 6:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to connect to backoff(async(tcp://IP:5044)): dial tcp IP:5044: i/o timeout Beats	1	673	June 25, 2020
Port need to open for filebeat and logstash Beats filebeat	3	449	September 15, 2021
FileBeat cant connect to Logstash Beats filebeat	5	700	October 17, 2019
Filebeat: tcp xx.xx.xx.xx:5044: i/o timeout Beats filebeat	6	3599	September 9, 2018
ERR Connecting error publishing events (retrying): dial tcp x.x.x.x:5044: getsockopt: connection refused Logstash	4	1872	October 5, 2018

Filebeat -> Logstash Connection ISSUE

Related Topics