Logstash couldn't connect to Elasticsearch

Hi guys,
I've configured an ELK stack:
ElasticSearch in ubuntu server 18.04
Kibana in docker
Logstash in docker
FileBeat in web-server (IIS)

Logstash isn't adding data to Elasticsearch. If I install Logstash on Windows, it works (same logstash.conf). logstash.yaml is the default.
The Logstash container can see Elasticsearch.

Docker run:

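# The official Logstash image loads pipeline files from /usr/share/logstash/pipeline/.
# A file mounted at /config/logstash.conf is not read unless it is passed with -f, so the
# container runs the image's bundled pipeline instead and the beats -> elasticsearch
# config shown below never takes effect. Mount the pipeline file where the image reads it.
#
# 5044 is the Beats listener (plaintext while ssl stays commented out in the input below)
# and 9600 is the Logstash HTTP API; publish each port only on the interfaces that need it.
docker run --rm \
  -p 5000:5000 -p 5000:5000/udp -p 5044:5044 -p 9600:9600 \
  -v /opt/logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
  -v /opt/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml \
  --name logstash logstash:7.0.1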

Logstash.config:

# Accepts events from Beats shippers on TCP port 5044.
input {
	beats {
        port => 5044
		# Close a client connection after 200 seconds without activity.
		client_inactivity_timeout => 200
		# TLS is off while the three settings below stay commented out: events cross the
		# network in plaintext and any host that can reach 5044 can submit events.
		# NOTE(review): these are Windows paths; in the Linux container they would have to
		# point at certificate files mounted into the container.
		#ssl => true
		#ssl_certificate => "C:\Temp\cert\logstash-forwarder.crt"
		#ssl_key => "C:\Temp\cert\logstash-forwarder.key"
    }
}

# Parses IIS access-log lines and HTTPERR lines, selected by the [fields][log_type]
# value the shipper attaches to each event. Events with any other value pass through unparsed.
filter {

	# IIS access log.
	if [fields][log_type] == "iis" {
		grok {
			# request_path, uri_param, user, user_agent and referer are copied from the HTTP
			# request, so they are client-controlled; treat them as untrusted wherever they
			# are displayed or used downstream.
			# NOTE(review): GREEDYDATA also matches spaces, so adjacent GREEDYDATA fields can
			# shift columns on unusual lines; NOTSPACE would pin each field to one column.
			match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{IPORHOST:client} %{WORD:method} %{URIPATHPARAM:request_path} %{GREEDYDATA:uri_param} %{NUMBER:port:int} %{GREEDYDATA:user} %{IPORHOST:user_ip} %{GREEDYDATA:user_agent} %{GREEDYDATA:referer} %{NUMBER:response_status:int} %{NUMBER:substatus:int} %{NUMBER:win32_status:int} %{NUMBER:ellapsed_milliseconds:int}" }
		}

	    # Parse the log's own timestamp into event_ts; @timestamp is left untouched.
	    # NOTE(review): no timezone is set here; confirm the logs and the container agree.
	    date {
			match => ["ts", "yyyy-MM-dd HH:mm:ss"]
			target => "event_ts"
		}
		
		# Enrich with location data for the address captured as user_ip.
		# Private addresses have no GeoIP entry, so internal clients get no location.
		geoip {
			source => "user_ip"
		}
	}
	
	# HTTP.sys error log (HTTPERR).
	if [fields][log_type] == "httperr" {
		grok {
			# NOTE(review): the sample event on this page has eight space-separated values
			# after s_port, while this pattern names seven fields; presumably one GREEDYDATA
			# field absorbs the extra column. Verify against the log's #Fields header.
			match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{IPORHOST:c_ip} %{NUMBER:c_port:int} %{IPORHOST:s_ip} %{NUMBER:s_port:int} %{GREEDYDATA:cs_version} %{GREEDYDATA:cs_method} %{GREEDYDATA:cs_uri} %{GREEDYDATA:sc_status} %{GREEDYDATA:siteid} %{GREEDYDATA:reason} %{GREEDYDATA:queuename}" }
		}

		# Parse the log's own timestamp into event_ts; @timestamp is left untouched.
		date {
			match => ["ts", "yyyy-MM-dd HH:mm:ss"]
			target => "event_ts"
		}
		
		# Enrich with location data for the client address captured as c_ip.
		geoip {
			source => "c_ip"
		}
	}
}

# Sends every event to Elasticsearch; there is no conditional, so unparsed events are indexed too.
output {
	elasticsearch {
		# No user, password or TLS options are set, so this connection is unauthenticated.
		# NOTE(review): this presumably means Elasticsearch security is disabled; if so,
		# restrict access to port 9200 to the hosts that need it.
		hosts => ["192.168.1.16:9200"]
		# The index name is built from [fields][log_type], a value set by the Beats client.
		# An event without that field keeps the literal placeholder text in the index name.
		# NOTE(review): "YYYY.MM.ww" combines month and week-of-year; confirm this is intended.
		index => "iis-%{[fields][log_type]}-%{+YYYY.MM.ww}"
	}
}

Input logstash container log:

{
"@version" => "1",
"tags" => [
[0] "beats_input_codec_plain_applied"
],
"source" => "C:\Windows\System32\LogFiles\HTTPERR\httperr1.log",
"beat" => {
"name" => "v-titov",
"hostname" => "v-titov",
"version" => "6.2.1"
},
"message" => "2019-05-22 08:10:53 192.168.1.149 48906 192.168.1.72 5357 - - - - - - Timer_ConnectionIdle -",
"fields" => {
"server" => "mm",
"log_type" => "httperr"
},
"@timestamp" => 2019-05-22T08:12:03.207Z,
"prospector" => {
"type" => "log"
},
"offset" => 1818
}
