I have configured a basic-version ELK cluster and enabled TLS/SSL. It works fine until Logstash. The communication between Filebeat and Logstash is not working. I don't see any errors in Filebeat. Please help if the SSL configuration below is right.
Here is my configuration:
Filebeat:

    filebeat.inputs:
    -
      type: log
      close_inactive: 10m
      enabled: true
      paths:
        - /app1/log/rp.log
      fileds: {log_type: APP_RP_AMS1}
    output.logstash:
      hosts: ["logstash.com:5033"]
      ssl.certificate_authorities:
        - /app1/filebeat/config/certs/ca.crt

Filebeat trace:
"filebeat":{"harvester":{"open_files":1,"running":1}},"libbeat":{"config":{"module":{"running":0},"reloads":3}
Logstash config: logstash.yml

    node.name: logstash.local
    #path.config: /usr/share/logstash/pipeline-config/*.conf
    xpack.monitoring.enabled: true
    xpack.monitoring.elasticsearch.username: logstash_system
    xpack.monitoring.elasticsearch.password: 'pwd'
    xpack.monitoring.elasticsearch.hosts: [ "https://es01.com:9200" ]
    xpack.monitoring.elasticsearch.ssl.certificate_authority: /usr/share/logstash/config/certs/ca.crt

Pipeline config:

    input {
      beats {
        port => 5033
        ssl => true
        ssl_key => '/usr/share/logstash/config/certs/logstash.pkcs8.key'
        ssl_certificate => '/usr/share/logstash/config/certs/logstash.crt'
      }
    }
    filter {
    }
    output {
      if [fields][log_type] == "APP_RP_AMS1" {
        elasticsearch {
          hosts => ["https://es01.flex.com:9200","https://es02.flex.com:9200","https://es03.flex.com:9200"]
          index => "rp_ams1_log-%{+YYYY.MM.dd}"
          cacert => '/usr/share/logstash/config/certs/ca.crt'
          user => 'logstash_writer'
          password => 'pwd'
        }
      }
    }
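
A pre-flight consistency check for a Filebeat/Logstash pair like the one in this post, as an added example that is not part of the original post: it compares the Filebeat output port with the beats input port, checks that TLS is set on both sides, and checks that every `[fields][...]` key the Logstash pipeline tests is declared under a `fields:` option in Filebeat. The function names are hypothetical, the sample strings are constructed by abridging the post's configs, and the matching is regex-based rather than a full YAML or pipeline parser.

```python
import re
# Constructed sample input, abridged from the two configs in the post.
FILEBEAT_YML = """\
filebeat.inputs:
- type: log
  fileds: {log_type: APP_RP_AMS1}
output.logstash:
  hosts: ["logstash.com:5033"]
  ssl.certificate_authorities: ["/app1/filebeat/config/certs/ca.crt"]
"""
PIPELINE_CONF = """\
input { beats { port => 5033  ssl => true } }
output { if [fields][log_type] == "APP_RP_AMS1" { elasticsearch { } } }
"""

def defined_fields(filebeat_yml):
    """Keys declared under a Filebeat `fields:` option (inline map or block)."""
    keys = set()
    for m in re.finditer(r"^([ \t]*)fields:[ \t]*(.*)$", filebeat_yml, re.M):
        if m.group(2).startswith("{"):
            keys.update(re.findall(r"([\w.-]+)\s*:", m.group(2)))
            continue
        for line in filebeat_yml[m.end():].splitlines()[1:]:
            if len(line) - len(line.lstrip()) <= len(m.group(1)):
                break  # a dedent ends the block
            keys.add(line.split(":")[0].strip())
    return keys

def referenced_fields(pipeline_conf):
    """Names used as [fields][name] in Logstash conditionals or filters."""
    return set(re.findall(r"\[fields\]\[([^\]]+)\]", pipeline_conf))

def check(filebeat_yml, pipeline_conf):
    """Return findings as strings; an empty list means the configs agree."""
    findings = []
    hosts = re.search(r"output\.logstash:.*?hosts:\s*\[(.*?)\]", filebeat_yml, re.S)
    fb_ports = set(re.findall(r":(\d+)", hosts.group(1))) if hosts else set()
    ls_ports = set(re.findall(r"port\s*=>\s*(\d+)", pipeline_conf))
    if not fb_ports & ls_ports:
        findings.append(f"port mismatch: {sorted(fb_ports)} vs {sorted(ls_ports)}")
    fb_tls = "ssl.certificate_authorities" in filebeat_yml
    ls_tls = bool(re.search(r"ssl\s*=>\s*true", pipeline_conf))  # option as in the post
    if fb_tls != ls_tls:
        findings.append("TLS is configured on only one side of the beats link")
    for name in sorted(referenced_fields(pipeline_conf) - defined_fields(filebeat_yml)):
        findings.append(f"[fields][{name}] tested in Logstash, not defined in Filebeat")
    return findings

print("\n".join(check(FILEBEAT_YML, PIPELINE_CONF)) or "configs are consistent")
```

On the sample as constructed, the port and TLS checks pass and the only finding is the `log_type` key, because the input option is spelled `fileds`.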