I have an elastic cluster using logstash as the receiver of data. I have several windows machines collecting logs with filebeat and sending to logstash to view in kibana. This is working fine. I now need to add a Linux centos7 server in the collection pool. I've installed filebeat, configured the yml file, and started the service. If I output to a file on the Linux machine, it seems to be collecting the logs correctly.
I still can't see them in Kibana if I remove the file output and add the logstash host in the filebeat config. Yes, I restarted the filebeat service after making the change.
If I telnet from the linux box running filebeat to the logstash node and port, communication looks good.
How can I check logstash to see if it is receiving anything from filebeat?
Thanks.