Logstash and filebeat configuration for ports

I have setup one elk cluster (Elasticsearch + Logstash + Kibana) on a windows server.

And installed beats(filebeat+winlogbeat) on 3 windows servers.

Question about ports that need to be configure in beats and logstash. Below are the config files, Can you confirm ports should be configured as such or advise otherwise.

Server 1:
Filebeat config: hosts: ["12.10.20.21:5044"]
Winlogbeat config: hosts: ["12.10.20.21:5045"]

Server 2:
Filebeat config: hosts: ["12.10.20.21:5046"]
Winlogbeat config: hosts: ["12.10.20.21:5047"]

Server 3:
Filebeat config: hosts: ["12.10.20.21:5048"]
Winlogbeat config: hosts: ["12.10.20.21:5049"]

ELK Server:
Logstash config:
input {
beats {
port => 5044
}
beats {
port => 5045
}
beats {
port => 5046
}
beats {
port => 5047
}
beats {
port => 5048
}
beats {
port => 5049
}
}
output {
elasticsearch {
manage_template => false
hosts => "12.10.20.21:9200"
index => "logstash-app-prod"
}
}

What you have works, but it's not clear why you use different ports. All hosts can connect to the same port on the Logstash side.

So you means below configuration will works better than old one that i do have now. please advise and thanks in advance.

Server 1:
Filebeat config: hosts: ["12.10.20.21:5044"]
Winlogbeat config: hosts: ["12.10.20.21:5045"]

Server 2:
Filebeat config: hosts: ["12.10.20.21:5044"]
Winlogbeat config: hosts: ["12.10.20.21:5045"]

Server 3:
Filebeat config: hosts: ["12.10.20.21:5044"]
Winlogbeat config: hosts: ["12.10.20.21:5045"]

ELK Server:
Logstash config:
input {
beats {
port => 5044
}
beats {
port => 5045
}
}
output {
elasticsearch {
manage_template => false
hosts => "12.10.20.21:9200"
index => "logstash-app-prod"
}
}

It won't work better or worse than the old configuration, but it's arguably easier to set up.

Why do you want to use different ports for Winlogbeat and Filebeat? That's also unnecessary.

Ok. Thanks.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.