I am currently configuring an ELK stack with three separate hosts for each service (Elasticsearch on one host, Logstash on another, and Kibana on the last). I have verified that Elasticsearch and Kibana are accessible from all hosts utilizing curl. However, I cannot curl to the Logstash host, but I believe this is expected. I configured Filebeat on my Logstash host and have the output set to Logstash instead of ES. I was able to run the following command:
"filebeat setup --index-management -E output.logstash.enabled=false -E 'output.elasticsearch.hosts=["ES-host:9200"]'"
and got the following output:
"Overwriting ILM policy is disabled. Set
setup.ilm.overwrite: true for enabling.
Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Loaded Ingest pipelines"
I believe this signifies, as I did not get any errors, that all hosts are able to communicate with one another properly. However, when I go to http://kibanahost:5601 and try to enable the Logstash logs integration, I am receiving the error:
"No data has been received from this module yet"
I have tried stopping and starting services and even completely reinstalling the ELK stack but I am still receiving the same error message. If someone could provide assistance it would be greatly appreciated. Let me know if any further information is required.
Utilized APT, deb, and wget to receive all necessary installs
Versions for Elasticsearch, Kibana, Logstash, filebeat are 8.6.2
All sections in the yml files and logstash conf.d files are set to the actual host IP with the proper port not localhost
The main reference I used during this process: How to Install Elastic Stack on Ubuntu 22.04 LTS | by Ravindu Thomas | InfoSec Write-ups
Note: in my main reference they utilize one host for all three services, all sections that mention "localhost" have been changed to the appropriate IP. Additionally, it mentions utilizing the repository "elastic-7.x.list" I ensured that this was changed to elastic-8.x.list and "deb https://artifacts.elastic.co/packages/8.x/apt stable main"