Hi,
I've been trying to connect Logstash Netflow module with Kibana. I followed the documentation in the link. https://www.elastic.co/guide/en/logstash/6.x/netflow-module.html
My whole scenario is that I have elasticsearch and Kibana on one instance, however Kibana is accessable behind a proxy. Every time I'm trying to execute the setup for the logstash netflow module, connection is continuously timing out as per below screenshot.
<hostname-redacted>% bin/logstash --path.settings=/etc/logstash --modules netflow --setup -M netflow.var.elasticsearch.hosts="localhost:9200" -M netflow.var.kibana.host="0.0.0.0:5000"
Sending Logstash's logs to /var/log/logstash which is now configured via log4j2.properties
[2018-08-14T14:11:36,749][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2018-08-14T14:11:37,386][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"6.3.2"}
[2018-08-14T14:11:37,510][INFO ][logstash.config.modulescommon] Setting up the netflow module
[2018-08-14T14:11:43,020][ERROR][logstash.modules.kibanaclient] Error when executing Kibana client request {:error=>#<Manticore::ConnectTimeout: connect timed out>}
[2018-08-14T14:11:48,225][ERROR][logstash.modules.kibanaclient] Error when executing Kibana client request {:error=>#<Manticore::ConnectTimeout: connect timed out>}
[2018-08-14T14:11:48,521][ERROR][logstash.config.sourceloader] Could not fetch all the sources {:exception=>LogStash::ConfigLoadingError, :message=>"Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: [\"localhost:9200\"] and Kibana hosts: [\"0.0.0.0:5000\"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:110:in `block in pipeline_configs'", "org/jruby/RubyArray.java:1734:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/config/modules_common.rb:56:in `pipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source/modules.rb:16:in `pipeline_configs'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:62:in `block in fetch'", "org/jruby/RubyArray.java:2481:in `collect'", "/usr/share/logstash/logstash-core/lib/logstash/config/source_loader.rb:61:in `fetch'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:138:in `converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:89:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:363:in `block in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
[2018-08-14T14:11:48,528][ERROR][logstash.agent ] An exception happened when converging configuration {:exception=>RuntimeError, :message=>"Could not fetch the configuration, message: Failed to import module configurations to Elasticsearch and/or Kibana. Module: netflow has Elasticsearch hosts: [\"localhost:9200\"] and Kibana hosts: [\"0.0.0.0:5000\"]", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/agent.rb:145:in `converge_state_and_update'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:89:in `execute'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:363:in `block in execute'", "/usr/share/logstash/vendor/bundle/jruby/2.3.0/gems/stud-0.0.23/lib/stud/task.rb:24:in `block in initialize'"]}
[2018-08-14T14:11:48,735][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
My kibana configuration is as follows:
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: 5000
# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"
# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
server.basePath: "/kibana"
# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# This setting was effectively always `false` before Kibana 6.3 and will
# default to `true` starting in Kibana 7.0.
server.rewriteBasePath: true
# The maximum payload size in bytes for incoming server requests.
#server.maxPayloadBytes: 1048576
# The Kibana server's name. This is used for display purposes.
server.name: "<Redacted>"
# The URL of the Elasticsearch instance to use for all your queries.
elasticsearch.url: "http://localhost:9200"
Anyone already experienced this problem, please?
Any ideas are much appreciated.
Thanks and Regards