Ip is not shown in logstash process

We are implementing ELK stack for log monitoring. We are having logstash , elasticsearch and kibana running. we have installed filebeat in the servers where we want to monitor the logs.

ELK Stack(server IP:10.105.2.70) Process Status:
[‎4/‎19/‎2018 6:38 PM] Thorn, Matthias (Cognizant):
No Title
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 1122/sshd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 1337/master
tcp 0 0 wqprod09:esmagent 0.0.0.0:* LISTEN 2822/node
tcp6 0 0 localhost:wap-wsp [::]:* LISTEN 3188/java
tcp6 0 0 localhost:wap-wsp [::]:* LISTEN 3188/java
tcp6 0 0 [::]:5041 [::]:* LISTEN 22726/java
tcp6 0 0 localhost:vrace [::]:* LISTEN 3188/java
tcp6 0 0 localhost:vrace [::]:* LISTEN 3188/java
tcp6 0 0 [::]:ssh [::]:* LISTEN 1122/sshd
tcp6 0 0 localhost:smtp [::]:* LISTEN 1337/master
tcp6 0 0 localhos:micromuse-ncpw [::]:* LISTEN 22726/java
udp 0 0 wqprod09:ntp 0.0.0.0:* 759/ntpd
udp 0 0 localhost:ntp 0.0.0.0:* 759/ntpd
udp 0 0 0.0.0.0:ntp 0.0.0.0:* 759/ntpd
udp6 0 0 wqprod09:ntp [::]:* 759/ntpd
udp6 0 0 localhost:ntp [::]:* 759/ntpd
udp6 0 0 [::]:ntp [::]:* 759/ntpd

We are having error in filebeat. CAn you please tell me how to resolve this error.
2018-04-18T12:47:53.253Z ERROR pipeline/output.go:74 Failed to connect: dial tcp 10.105.2.70:5041: getsockopt: no route to host

Hi,

Is there a firewall between the two? Please start by reviewing the network connection between filebeat and logstash (Common problems | Filebeat Reference [8.11] | Elastic)

Can you please clarify me one thing also? in netstat command will ip also come with Port 5041?

I am thinking just because i am not having ip tagged with port 5041 in netstat command, i am getting no route to host error?

is it like that

You might want to be mindful to include sensitive information such as:
[‎4/‎19/‎2018 6:38 PM] Thorn, Matthias (Cognizant)

tcp6 0 0 [::]:5041 [::]:* LISTEN 22726/java
This is TCP v6 localhost listening on port 5041.
This netstat is this ran on a single node comprising of the E,L,K => Elastic Stack, and filebeat is on another server or the same?

Sorry for that.

is it possible to make logstash listening to ip instead of localhost.

yeah filebeat is installed on other server

I think you should review the server that filebeat is on and ensure that is able to communicate with the Elastic Stack server 10.105.2.70 ELK Stack(server IP:10.105.2.70)

Has the filebeat.yml been correctly updated to point to 10.105.2.70? See here for more: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.