This is correct output section ?
output {
if[type] == "access_log" {
elasticsearch {
hosts => [ "http://localhost:9200" ]
manage_template => false
index => "access_log-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
in LS log i see messages
[DEBUG][logstash.pipeline ] output received {"event"=>{"host"=>{"containerized"=>true, "name"=>"pre-stage1.shop.shop.ru", "architecture"=>"x86_64", "os"=>{"platform"=>"centos", "codename"=>"Final", "version"=>"6.5 (Final)", "family"=>"redhat"}}, "@version"=>"1", "source"=>"/opt/app/log/tomcat/access.2019-01-18.log", "prospector"=>{"type"=>"log"}, "@timestamp"=>2019-01-18T08:15:08.873Z, "beat"=>{"hostname"=>"pre-stage1.shop.shop.ru", "name"=>"pre-stage1.shop.rivegauche.ru", "version"=>"6.5.4"}, "input"=>{"type"=>"log"}, "message"=>"10.129.10.9 - - [18/Jan/2019:11:14:59 +0300] GET /solrfacetsearch/master_rive_Product/replication?command=indexversion&wt=javabin&qt=%2Freplication&version=2 HTTP/1.1 200 80 [Solr[org.apache.solr.client.solrj.impl.HttpSolrServer] 1.0] [-] 1ms", "tags"=>["beats_input_codec_plain_applied"], "offset"=>598210}}
but no data in ES
and on filebeats server log
2019-01-18T11:24:16.925+0300 ERROR logstash/async.go:256 Failed to publish events caused by: write tcp 10.129.10.8:34037->10.129.10.7:5044: write: connection reset by peer
2019-01-18T11:24:16.925+0300 DEBUG [logstash] logstash/async.go:116 close connection
2019-01-18T11:24:17.926+0300 ERROR pipeline/output.go:121 Failed to publish events: write tcp 10.129.10.8:34037->10.129.10.7:5044: write: connection reset by peer