Hello,
I'm using ELK ver.5.0 on a server and Filebeat ver.5.0 on my client server. I've followed the setup and config tutorials and managed to get everything running. However, it seems like I'm unable to connect filebeat to logstash.
This is what I see in my filebeat log:
2016-11-05T13:15:08+08:00 INFO Starting Registrar
2016-11-05T13:15:08+08:00 INFO Start sending events to output
2016-11-05T13:15:08+08:00 INFO Starting spooler: spool_size: 2048; idle_timeout: 5s
2016-11-05T13:15:08+08:00 ERR Connecting error publishing events (retrying): dial tcp 10.0.0.87:5044: getsockopt: connection refused
2016-11-05T13:15:09+08:00 ERR Connecting error publishing events (retrying): dial tcp 10.0.0.87:5044: getsockopt: connection refused
2016-11-05T13:15:11+08:00 ERR Connecting error publishing events (retrying): dial tcp 10.0.0.87:5044: getsockopt: connection refused
2016-11-05T13:15:15+08:00 ERR Connecting error publishing events (retrying): dial tcp 10.0.0.87:5044: getsockopt: connection refused
2016-11-05T13:15:23+08:00 ERR Connecting error publishing events (retrying): dial tcp 10.0.0.87:5044: getsockopt: connection refused
2016-11-05T13:15:38+08:00 INFO Non-zero metrics in the last 30s: filebeat.harvester.started=1 libbeat.publisher.published_events=2047 filebeat.harvester.open_files=1 filebeat.harvester.running=1
2016-11-05T13:15:39+08:00 ERR Connecting error publishing events (retrying): dial tcp 10.0.0.87:5044: getsockopt: connection refused
Also, it seems like port 5044 is not included when i checked my ports that are listening.
My filebeat.yml:
filebeat.prospectors:
- input_type: log
paths:
- /var/log/apache2/error.log
output.logstash:
hosts: []
My logstash-beats-input.conf:
input {
beats {
port => 5044
}
}
Thanks!