Logstash can't send logs to ES

Hello everyone!

I have a little problem with my ELK Stack. My Logstash container gathers logs from Filebeat, but it can't pass them to Elasticsearch. I tried many methods described in another topics, but with no success. I am able to use this:

curl -XPUT "http://hostname:9200/test/test/1" -d '{}'

I am also able to send logs directly from Filebeat to Elasticsearch. So I think that Logstash is my problem.

Some info:
Logstash version: 5.5.1
Elasticsearch version: 5.5.1
Kibana version: 5.5.1
Error in ES log:

Content type detection for rest requests is deprecated. Specify the content type using the [Content-Type] header.

Logstash.yml

input {
tcp {
port => 5044
start_position => beginning
}
}

/* filter {
grok {
patterns_dir => ["./patterns"]
match => { "message" => %{TIME:time}[%{LOGLEVEL:loglevel}] %{DATA:class} - %{GREEDYDATA:message}" }
}
}*/

output {
elasticsearch {
hosts => "IP of Docker:9200"
codec => "json"
}
}

Logstash.conf

http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.enabled: false

I am using offical Docker images from docker.elastic.co.

Thank You in advance for Your help!

The tcp input doesn't have a start_position option and /* ... */ comments aren't supported so I doubt Logstash is starting at all.

Thank You for Your answer.

start_position and comments are new lines I added when I was searching for solution. I'm still learning about ELK and I make many stupid mistakes. But Logstash is running and when I use "docker logs logstash" command I see all logs sent from Filebeat.

Remove codec => json from your elasticsearch output.

Still nothing. I don't know what's going on. Before server's reset everything was working like a charm, but now I can only send logs directly from Filebeat

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.