I have specified logstash output in the filebeat.yml file host: ["https://example.com/logstash"]. I have multiple services exposed through ingress and hence I want the logstash also to be exposed through the same ingress resource. The host attached to ingress resource is https://www.example.com. And I am using the .crt file of the TLS/SSL certificate associated with example.com in the certificate autority key of the filebeat.yml to secure the connection between filebeat and logstash. And in the logstash.yml which is running on kubernetes I have specified the input as tcp type instead of beats type. Logstash service is running of ClusterIP Type and has the following ingress rule
http: paths: - backend: serviceName: logstash-service servicePort: 5044 path: /logstash
Now when I run this entire setup the filebeat on the VM gives me error
output.go:100#011Failed to connect to backoff(async(tcp://https://example.com/logstash)): lookup https on 126.96.36.199:53: no such host Jul 29 19:35:16 EIC-Development-IS filebeat: 2019-07-29T19:35:16.954Z#011INFO#011pipeline/output.go:93#011Attempting to reconnect to backoff(async(tcp://https://example.com/logstash)) with 7 reconnect attempt(s) Jul 29 19:35:16 EIC-Development-IS filebeat: 2019-07-29T19:35:16.954Z#011DEBUG#011[logstash]#011logstash/async.go:111#011connect Jul 29 19:35:16 EIC-Development-IS filebeat: 2019-07-29T19:35:16.957Z#011WARN#011transport/tcp.go:53#011DNS lookup failure "https": lookup https on 188.8.131.52:53: no such host
Is this setup technically possible? What should be the host what I should specify in filebeat and what should be the logstash input type? Will specifying the tls.crt specified in filebeat help in authenticating with /logstash?