Filebeat no connection could be made because the target machine actively refused it

Hi all,

I am trying to send logs from Beats to Logstash on the same machine.
I am getting the error "no connection could be made because the target machine actively refused it".

My logstash conf file

input {
    beats {
        port => 6523
    }
}

filter {
  # If the log line contains a tab character followed by 'at', tag that entry as a stacktrace
  if [message] =~ "\tat" {
    grok {
      match => ["message", "^(\tat)"]
      add_tag => ["stacktrace"]
    }
  }
}

output {
  stdout {
  }

  # Sending properly parsed log events to elasticsearch
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}"
  }
}

My filebeat.yml is

filebeat.inputs:

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - D:\var\log\*
    #- c:\programdata\elasticsearch\logs\*

# ------------------------------ Logstash Output -------------------------------
output.logstash:
  # The Logstash hosts
  hosts: ["127.0.0.1:6523"]


I'd appreciate it if someone could help me. I read all the other posts but they didn't help.

By default a beats input will listen on 0.0.0.0. What that means depends on the TCP stack; it certainly can mean different things on different stacks. You are trying to connect to 127.0.0.1, which is one of the many addresses on the loopback interface. I suggest you configure the beats input to explicitly listen on that address.

host => "127.0.0.1"

Hi, thank you for your reply. I updated it but I got the same error.

What do you have in logstash logs? Start logstash and share the logs to see if there is any indication of what is causing this issue.

Hi,

Thank you for the reply. There are no error logs in Logstash.

[2021-05-06T19:42:10,628][INFO ][logstash.runner          ] Log4j configuration path used is: C:\Program Files\ELK Stack\logstash-7.12.1\config\log4j2.properties
[2021-05-06T19:42:10,657][INFO ][logstash.runner          ] Starting Logstash {"logstash.version"=>"7.12.1", "jruby.version"=>"jruby 9.2.13.0 (2.5.7) 2020-08-03 9a89c94bcc Java HotSpot(TM) 64-Bit Server VM 25.211-b12 on 1.8.0_211-b12 +indy +jit [mswin32-x86_64]"}
[2021-05-06T19:42:10,912][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2021-05-06T19:42:13,480][INFO ][logstash.agent           ] Successfully started Logstash API endpoint {:port=>9600}
[2021-05-06T19:42:16,016][INFO ][org.reflections.Reflections] Reflections took 94 ms to scan 1 urls, producing 23 keys and 47 values 
[2021-05-06T19:42:24,240][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:removed=>[], :added=>[http://localhost:9200/]}}
[2021-05-06T19:42:24,662][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"http://localhost:9200/"}
[2021-05-06T19:42:24,772][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2021-05-06T19:42:24,780][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` event field won't be used to determine the document _type {:es_version=>7}
[2021-05-06T19:42:24,916][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["http://localhost:9200"]}
[2021-05-06T19:42:25,059][INFO ][logstash.outputs.elasticsearch][main] Using a default mapping template {:es_version=>7, :ecs_compatibility=>:disabled}
[2021-05-06T19:42:25,244][INFO ][logstash.javapipeline    ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.workers"=>8, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>1000, "pipeline.sources"=>["D:/2.Data Engineer/ELK/logstash.conf"], :thread=>"#<Thread:0x626174fe run>"}
[2021-05-06T19:42:25,314][INFO ][logstash.outputs.elasticsearch][main] Attempting to install template {:manage_template=>{"index_patterns"=>"logstash-*", "version"=>60001, "settings"=>{"index.refresh_interval"=>"5s", "number_of_shards"=>1}, "mappings"=>{"dynamic_templates"=>[{"message_field"=>{"path_match"=>"message", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false}}}, {"string_fields"=>{"match"=>"*", "match_mapping_type"=>"string", "mapping"=>{"type"=>"text", "norms"=>false, "fields"=>{"keyword"=>{"type"=>"keyword", "ignore_above"=>256}}}}}], "properties"=>{"@timestamp"=>{"type"=>"date"}, "@version"=>{"type"=>"keyword"}, "geoip"=>{"dynamic"=>true, "properties"=>{"ip"=>{"type"=>"ip"}, "location"=>{"type"=>"geo_point"}, "latitude"=>{"type"=>"half_float"}, "longitude"=>{"type"=>"half_float"}}}}}}}
[2021-05-06T19:42:27,228][INFO ][logstash.javapipeline    ][main] Pipeline Java execution initialization time {"seconds"=>1.97}
[2021-05-06T19:42:29,744][INFO ][logstash.javapipeline    ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-05-06T19:42:29,888][INFO ][logstash.agent           ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}

You should have a message

[INFO ][logstash.inputs.beats ][main] Beats inputs: Starting input listener {:address=>"127.0.0.1:6523"}

If that is missing it suggests you are not running the configuration that you think you are.

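The check suggested in the reply above can be scripted. This is an added example, not part of any post in the thread: it scans a Logstash log for the Beats listener line and for the config file the pipeline actually loaded, then reports whether the Filebeat target has a listener. The function names and the sample strings are constructed for illustration, and treating a `0.0.0.0` bind as covering `127.0.0.1` is an assumption that holds on most TCP stacks.

```python
import re
import socket

# Matches the line the beats input logs when it binds its listener.
LISTENER_RE = re.compile(r'Beats inputs: Starting input listener \{:address=>"([^"]+)"\}')
# Matches the config file(s) the pipeline was actually loaded from.
SOURCES_RE = re.compile(r'"pipeline\.sources"=>\[([^\]]*)\]')


def audit_logstash_log(log_text, target):
    """Return listeners, loaded config files and whether `target` has a listener."""
    listeners = LISTENER_RE.findall(log_text)
    sources = []
    for group in SOURCES_RE.findall(log_text):
        sources += re.findall(r'"([^"]+)"', group)
    t_host, t_port = target.rsplit(":", 1)
    covered = False
    for addr in listeners:
        host, port = addr.rsplit(":", 1)
        # Assumption: a wildcard bind accepts connections to any local address.
        if port == t_port and host in (t_host, "0.0.0.0"):
            covered = True
    return {"listeners": listeners, "sources": sources, "target_covered": covered}


def probe(host, port, timeout=2.0):
    """Live TCP check: 'open', 'refused' (nothing listening) or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"


# Constructed samples: the first line is shortened from the log in the thread,
# the second is the listener line the reply says should be present.
SAMPLE_WITHOUT_LISTENER = (
    '[2021-05-06T19:42:25,244][INFO ][logstash.javapipeline    ][main] Starting pipeline '
    '{:pipeline_id=>"main", "pipeline.sources"=>["D:/2.Data Engineer/ELK/logstash.conf"]}\n'
)
SAMPLE_WITH_LISTENER = SAMPLE_WITHOUT_LISTENER + (
    '[INFO ][logstash.inputs.beats ][main] Beats inputs: Starting input listener '
    '{:address=>"127.0.0.1:6523"}\n'
)

if __name__ == "__main__":
    print(audit_logstash_log(SAMPLE_WITHOUT_LISTENER, "127.0.0.1:6523"))
    print(audit_logstash_log(SAMPLE_WITH_LISTENER, "127.0.0.1:6523"))
```

An empty `listeners` list together with a populated `sources` list points at the loaded config file having no beats input, which is the situation the reply describes.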

Hey, thank you for the reply.

Why don't I get any output from Logstash after this?

[2021-05-07T10:26:27,570][INFO ][filewatch.observingtail  ][main][56b3e5a1c7def459acdd04c5ae6a0b797103bdcb8a6d484324574bfa87fd502c] START, creating Discoverer, Watch with file and sincedb collections

How are you starting logstash and what do you have in this file: D:\2.Data Engineer\ELK\logstash.conf?

This is the config that your Logstash is running; is it the same one that you shared before?


Hi, I added

sincedb_path => "NULL"

this line to the input of the Logstash conf file.

Thank you all for giving your valuable time. Really appreciate it. I resolved the issue.
