while shipping the log filebeat give an error i.e. INFO Connecting error publishing events (retrying): dial tcp 10.228.13.59:5044: getsockopt: connection refused
my logstash configuration file is
input {
beats {
port => 5044
}
}
filter {
if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
if [type] == "apache-access" {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
}
now i'm not able to connect telnet connection and also I've checked the logstash log file the error is
"2017-01-11T10:46:15,840][WARN ][logstash.outputs.elasticsearch] Elasticsearch output attempted to sniff for new connections but cannot. No living connections are detected. Pool contains the following current URLs {:url_info=>{}}
[2017-01-11T10:46:19,012][WARN ][logstash.shutdownwatcher ] {}
"
thank you sir but now telnet connection is working fine and also the connection refuse error is not coming in filebeat.... but still log is not coming
What's in Logstash's log? The "No living connections are detected" message you posted earlier is probably not the only interesting message. What does your elasticsearch output plugin configuration look like?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.