How to ship logs from filebeat to elasticsearch

Hi Everyone,
I am trying to build a setup where syslog from my Cisco devices is sent to Filebeat, and Filebeat then sends it to Elasticsearch so that it can be viewed in Kibana.

Problem: The Filebeat error is "The requested URL could not be retrieved. 503 Service Unavailable".

Below is my current configuration:

**filebeat server: 172.30.169.51**

```yaml
filebeat.inputs
- type: syslog
enabled: false
paths:
    - /var/log/*.log

- type: filestream
  enabled: false
    - /var/log/*.log

filebeat.config.modules:
  enabled: false
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true

setup.template.settings:
  index.number_of_shards: 1


setup.kibana:
  host: "https://172.30.169.50:5000"
  ssl.verification_mode: "none"
  username: "elastic"
  password: "m4gN3s!@.123"

output.elasticsearch:
   hosts: ["172.30.169.50:9200"]
   ssl.verification_mode: "none"
   username: "elastic"
   password: "m4gN3s!@.123"

indices:
- index: "sbx-%{+yyyy.MM.dd}"
  when.regexp:
   hostname: "^SBX-SS01.*"

processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

setup.ilm.overwrite: true
```

**Troubleshooting:**
**Commands were run on the Filebeat server:**

```
root@filelogs01-ph:~# nc -zv -w5  172.30.169.50 9200
Connection to 172.30.169.50 9200 port [tcp/*] succeeded!
~
root@filelogs01-ph:~# curl -u elastic "http://172.30.169.50:9200/_cat/indices"
Enter host password for user 'elastic':
green open .security-7                     SGZB30AyR62Tldu36eAOsA 1 0  60    0 276.8kb 276.8kb
green open .apm-custom-link                rJpdqcMtQryvdDgOK9yFNA 1 0   0    0    226b    226b
green open .apm-agent-configuration        0fZldFi3R9y3Jfd_lgMMUw 1 0   0    0    226b    226b
green open .async-search                   Uc2q4OlRTPK12eRimZJnbw 1 0  12    4 105.7kb 105.7kb
green open .kibana_task_manager_7.17.4_001 mYgoqTxeRkyNClEpWyaCBQ 1 0  18 3367   2.5mb   2.5mb
green open .fleet-policies-7               VqPP2BZMQhurIqcsv8uaCw 1 0   2    0  11.3kb  11.3kb
green open .kibana_7.17.4_001              5glUOGE8TnG4GNoFYu0OZA 1 0 576   54   2.4mb   2.4mb
green open .tasks                          7hTFpMWaS5CSEHQ_Asrn4Q 1 0  22    0  66.5kb  66.5kb
~
root@filelogs01-ph:~# curl -u elastic "http://172.30.169.50:9200/_cat/health?v&pretty"
Enter host password for user 'elastic':
epoch      timestamp cluster       status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1656028882 00:01:22  elasticsearch green           1         1     13  13    0    0        0             0                  -                100.0%
```

![image|690x44](upload://oMZQjsMD75aYfQrRtJal144Vnx3.png)


![image|690x116](upload://dqWCLLjhmi9gmdLobrtNkmVbI4C.png)

Thank you so much in advance.

Hi Team,

Please ignore this.
This is now solved.

In future, please don't post pictures of text, logs or code. They are difficult to read, impossible to search and replicate (if it's code), and some people may not even be able to see them :slight_smile:
