Hi guys, i'm using ubuntu server 16.10 headless, i installed ELK and filebeat via apt,
configured everything i should've (that i know of) and for some reason, logstash isn't getting the syslogs from the 'filebeat' , and the logstash service keeps shutting down and activating again and again.
i realy dont get what's happening and would like some help.
•note: every think is installed on a single machine who's IP is 192.168.32.131
here are my config file:
logstash conf:
`input {
beats {
port => "5043"
}
}

filter {

if [type] == "syslog" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostnmae} %{DATA:syslog_program}(?:[%{POSINT:syslog_pid}])?: %{GREEDYDATA:syslog_message}" }
}
}
}

output {
elasticsearch{
hosts => ["192.168.32.131:9200"]
index => "%{[@metadata][beats]}-%{+YYYY.MM.dd}"
docuent_type => "%{[@metadata][type]}"
}
}
`

filebeat conf:
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:

Array of hosts to connect to.

#hosts: ["localhost:9200"]

Optional protocol and basic auth credentials.

#protocol: "https"
#username: "elastic"
#password: "changeme"

#----------------------------- Logstash output --------------------------------
output.logstash:

The Logstash hosts

hosts: ["192.168.32.131:5043"]

If Logstash is restarting I'd expect to find clues in the Logstash log.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.