This is my /etc/filebeat/filebeat.yml:

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var2/log/cloud/test.log

filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml
  # Set to true to enable config reloading
  reload.enabled: false
  # Period on which files under path should be checked for changes
  #reload.period: 10s

setup.template.settings:
  index.number_of_shards: 3
  #index.codec: best_compression
  #_source.enabled: false

setup.dashboards.enabled: false
setup.dashboards.beat:
setup.kibana:
  host: "10.28.1.17:80"
  # Optional protocol and basic auth credentials.
  protocol: "http"
  username: "admin"
  password: "admin"

output.logstash:
  # The Logstash hosts
  hosts: ["10.28.1.17:5044"]
  ssl.enabled: false
  #### we use our generated certificates from ELK
  ssl.certificate_authorities: ["/etc/beat/beat-forwarder.crt"]
  # Certificate for SSL client authentication
  ssl.certificate: "/etc/beat/beat-forwarder.crt"
  # Client Certificate Key
  ssl.key: "/etc/beat/beat-forwarder.key"

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

logging.level: info
logging.to_files: true
logging.files:
  path: /var/log/filebeat
  name: filebeat
  keepfiles: 7
  permissions: 0644

I can telnet to 10.28.1.17 5044.
Filebeat should work fine.
Here is my /etc/logstash/conf.d/logstash.conf on 10.28.1.17:

input {
  tcp {
    port => 5000
    type => syslog
  }
  udp {
    port => 5000
    type => syslog
  }
}
input {
  beats {
    port => "5044"
    ssl => false
    ssl_certificate => ["/usr/share/logstash/beat-forwarder.crt"]
    ssl_key => ["/usr/share/logstash/beat-forwarder.key"]
    ssl_verify_mode => none
  }
}
filter {
  mutate {
    remove_field => [ "[host]" ]
  }
  mutate {
    add_field => {
      "host" => "%{[beat][hostname]}"
    }
  }
}
output {
  stdout { }
}

I run Logstash with /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf, but no matter how I add lines to the log file /var2/log/cloud/test.log, nothing prints. Can anyone help me see what is wrong?