ERR Failed to publish events caused by: read tcp >ELK_SERVER_IP:5044: read: connection reset by peer
Any help would be really appreciated.
Providing more information would be helpful.
What version?
What does your config look like?
What does your data look like?
Hi Mark
I use version 5.1 for Elasticsearch, Logstash, Kibana and Filebeat.
Here is my config
Elasticsearch (elasticsearch.yml)
cluster.name: Cluster1
node.name: elk_server
network.host: localhost
xpack.security.enabled: false
Logstash
input {
  beats {
    port => 5044
    ssl => true
    ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
    ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
  }
}
filter {
  if [type] == "syslog" {
    grok {
      # The brackets around the PID must be escaped so they match literally
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
      add_field => [ "received_at", "%{@timestamp}" ]
      add_field => [ "received_from", "%{host}" ]
      add_field => [ "client_ip", "%{clienthost}" ]
    }
    syslog_pri { }
    date {
      match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
    }
  }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
  }
}
Kibana
server.port: 5601
server.host: "localhost"
server.name: "ELK Stack Server"
elasticsearch.url: "http://localhost:9200"
Filebeat
filebeat:
  prospectors:
I think this error disappeared after I corrected my Filebeat config ... however, I want to create a field from my DNS log message which contains the client IP address from which the client looks up any URL ... would you be able to help me or point me to anything ... been trying for a few days now ... thanks in advance
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.