Can you please post more of your Filebeat configuration so that we can verify you have indented the configuration correctly.
Are you able to connect to Logstash using curl? On success you should get a response like "curl: (52) Empty reply from server" since Logstash isn't an actual HTTP server.
So in my logstash configuration when i disable ssl_verify_mode and ssl_certificate_authorities, the same certificates are valid and i can see the logs coming in.
Basically when enabling client certificate validation, this doesn't work (Initially i had intermediate CA's, removing that didn't help either). Does it mean that filebeat can validate the server certificate but logstash cannot validate when enabling client certificate check.
If it works when you disable the validation of the client certificates then there is probably a problem with the certificates used by Filebeat to authenticate itself. You can use openssl s_client to negotiate a connection to Logstash. This will probably give you some more details on the connection issues.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.