Hello, I'm trying to do a POC on ELK + Filebeat. I configured the entire setup on my local machine and it works fine. Filebeat is able to establish a connection to Logstash.
But when I installed Filebeat on a remote server, it is unable to connect to Logstash. It is throwing the error below:
2018-01-12T10:46:15Z INFO Non-zero metrics in the last 30s: beat.info.uptime.ms=30000 beat.memstats.gc_next=7853760 beat.memstats.memory_alloc=3993112 beat.memstats.memory_total=32834728 filebeat.harvester.open_files=1 filebeat.harvester.running=1 libbeat.config.module.running=0 libbeat.pipeline.clients=1 libbeat.pipeline.events.active=2864 registrar.states.current=1
2018-01-12T10:46:15Z DBG [prospector] Run prospector
2018-01-12T10:46:15Z DBG [prospector] Start next scan
2018-01-12T10:46:15Z DBG [prospector] Check file for harvesting: /home/bgnft/Vijai_NFT/POC_Logs/TraceRequest2
2018-01-12T10:46:15Z DBG [prospector] Update existing file for harvesting: /home/bgnft/Vijai_NFT/POC_Logs/TraceRequest2, offset: 642408
2018-01-12T10:46:15Z DBG [prospector] Harvester for file is still running: /home/bgnft/Vijai_NFT/POC_Logs/TraceRequest2
2018-01-12T10:46:15Z DBG [prospector] Prospector states cleaned up. Before: 1, After: 1
2018-01-12T10:46:16Z ERR Failed to connect: dial tcp XX.XX.XXX.X:5044: i/o timeout
2018-01-12T10:46:16Z DBG [logstash] connect
2018-01-12T10:46:20Z DBG [harvester] End of file reached: /home/bgnft/Vijai_NFT/POC_Logs/TraceRequest2; Backoff now.
I'm able to ping my local machine from the remote server. I'm checking with the network team whether any firewall is blocking the port. Apart from this, is there anything else I need to check?
Logstash Configuration
input {
  beats {
    port => 5600
  }
}
filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:log_level} %{GREEDYDATA:Action} %{GREEDYDATA:Protocol_IP} Request trace start: %{USERNAME:Userid} %{GREEDYDATA:Method} %{GREEDYDATA:URL}" }
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logs1"
  }
  stdout {
    codec => rubydebug
  }
}