Logstash is not outputing the data to elasticsearch

dubul · July 14, 2016, 10:26pm

io/console not supported; tty will not be manipulated
Settings: Default pipeline workers: 4
←[31mConnection refused: connect {:class=>"Manticore::SocketException", :level=>:error}←[0m
Pipeline main started

===========>>>>>>>>>>>>>>>>>>>>,<<<<<<<<<<<<<<<<<<<<<<<<<<================``
here is the logstash.conf

input {
beats {
port => 5044
}
}

output {
elasticsearch {
hosts => "10.32.12.22:9200"
}
file {
path => "E:\logs\testing"
}
}

warkolm · July 14, 2016, 11:35pm

Can you connect to ES? curl 10.32.12.22:9200.

dubul · July 14, 2016, 11:38pm

@warkolm I have installed elk on single server. I'm trying to ship the data from other windows machine to elk server using filebeat

warkolm · July 14, 2016, 11:49pm

Right, well maybe if you post your beats config we can help more

dubul · July 14, 2016, 11:56pm

filebeat:

List of prospectors to fetch data.

prospectors:
# Each - is a prospector. Below are the prospector specific configurations
-
paths:
#- /var/log/*.log
- E:\Application\logs*.log
#- c:\programdata\elasticsearch\logs*

  # Configure the file encoding for reading files with international characters
  # following the W3C recommendation for HTML5 (http://www.w3.org/TR/encoding).
  # Some sample encodings:
  #   plain, utf-8, utf-16be-bom, utf-16be, utf-16le, big5, gb18030, gbk,
  #    hz-gb-2312, euc-kr, euc-jp, iso-2022-jp, shift-jis, ...
  #encoding: plain

  # Type of the files. Based on this the way the file is read is decided.
  # The different types cannot be mixed in one prospector
  #
  # Possible options are:
  # * log: Reads every line of the log file (default)
  # * stdin: Reads the standard in
  input_type: log

registry_file: "C:/ProgramData/filebeat/registry"
Output
logstash:
# The Logstash hosts
hosts: ["10.32.12.22:5044"]

dubul · July 15, 2016, 12:02am

@warkolm
just changed the logstash host output in the config and path of prospectors in the filebeat.yml. Everything is same

dubul · July 15, 2016, 3:13am

@warkolm Thanks for your response

I have changed the output to elasticsearch in filebeat.yml. I dont see any index on elasticsearch and kibana.
i have started filebeat by using the command ./filebeat -e -c filebeat.yml -d "publish". I can see it publishing events, but i dont find it on the elasticsearch and kibana.

I want to move the file with logs on machine A to machine B[elk server]. Can Anyone help me out in solving the issue. I want to move the logs from the machine A to elk server and get stored and displayed on kibana.

Can anyone guide me in this, and how to give the path for this log files to get stored in elk server ( for example i want to store it in F:\logs.

execuse me for the bad presentation if i'm wrong.

medcl.net · July 25, 2016, 12:35pm

Hi, @dubul
the first thing you may try is to make sure elasticsearch is working well, can you check out the by

curl 10.32.12.22:9200

it should return the version info of elasticsearch,please make sure that.

and you want to store log files in elk server, actually the log fils will stored into elasticsearch, kibana doesn't store logs, kibana read logs from elasticsearch, elasticsearch have its own storage and format, likeelasticsearch/data it depends how you installed it, you can search elasticsearch by call "_search" api, like,

curl 10.32.12.22:9200/_search

system · August 4, 2016, 10:27pm

This topic was automatically closed after 21 days. New replies are no longer allowed.