Logs not being sent to filebeats and logstash

Elastic Stack Beats
1

Currently trying to set up Filebeats to try and connect to Logstash to send logs from cisco network syslogs and tacacs logs to a logstash server to be sent to elastic and then displayed on kibana.
However, I have not been able to see any logs and not too sure on how to troubleshoot it on Windows as most of the guide are for Linux. Running the entire stack on 8.8.2.

Any help will be appreciated thanks!

Current Configs for Logstash:

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}

Current Configs for Filebeat:

123
123965×482 28.7 KB

I have went through multiple times setting it up and followed official install guide and still unable to get any logs. Would appreciate any help!!

2

Hi,

I would check if there is a firewall between your production cluster (filebeat) and observing cluster (logstash/elasticsearch), if you are running them separately. I had once the same problem.

Other than that, please check logstash and elasticsearch are running properly.
Or you can put this code in your logstash output section to display the logs on screen:

stdout { codec => rubydebug }

I would double check if it is https or http. If https, I would use certificates.

Best regards
Murat

3

Hi @nikokyu Welcome to the community.

First please do not post screen shots of text, they can not be read / seen by all, they can not be search, copied , debugged, tested etc....

2nd Please show your entire filebeat.yml you left out the output section which is a very important section .. please share the complete filebeat.yml in formatted text (like the logstash) conf you showed.

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.