Filebeat to logstash not working

Elastic Stack Logstash
1

I have configured ELK cluster basic version and enabled TLS/SSL. it works fine until logstash. The communication between filebeat to logstash is not working. I dont see any errors in filebeat. Please help if SSL configuration below is right.

Here is my configuration:

filebeat:

filebeat.inputs:

  • type: log
    close_inactive: 10m

    enabled: true

    paths:

    • /app1/log/rp.log
      fileds: {log_type: APP_RP_AMS1}

output.logstash:
hosts: ["logstash.com:5033"]
ssl.certificate_authorities:
- /app1/filebeat/config/certs/ca.crt

Filebeat trace:
"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0},"reloads":3}

Logstash config: logstash.yml

node.name: logstash.local
#path.config: /usr/share/logstash/pipeline-config/*.conf
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: 'pwd'
xpack.monitoring.elasticsearch.hosts: [ "https://es01.com:9200" ]
xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/ca.crt

Pipeline config:

input {
beats {
port =>5033

            ssl => true
            ssl_key => '/usr/share/logstash/config/certs/logstash.pkcs8.key'
            ssl_certificate => '/usr/share/logstash/config/certs/logstash.crt'
             }

}
filter {
}
output {
if [fields][log_type] == "APP_RP_AMS1" {
elasticsearch {
hosts => ["https://es01.flex.com:9200","https://es02.flex.com:9200","https://es03.flex.com:9200"]
index => "rp_ams1_log-%{+YYYY.MM.dd}"
cacert => '/usr/share/logstash/config/certs/ca.crt'
user => 'logstash_writer'
password => 'pwd'
}
}

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.