Logstash not outputing data to any output plugin

Elastic Stack Logstash
1

I am using logstash in the SSL environment, in such a way that beats are connecting to logstash but logstash itself not sending data to elasticsearch. So I added the file output plugin, it seems the problem is not resolved

Elasticsearch Index

root@ubuntu-s-2vcpu-4gb-blr1-01:~# curl https://localhost:9200/_cat/indices --insecure -u admin:admin
yellow open security-auditlog-2020.04.24 l6Z0rboZSaaVtYhp0W8z6A 1 1  1722  0 545.8kb 545.8kb
green  open wazuh-alerts-3.x-2020.04.23  8gJ2UmWrSxKskXUOW95jmw 3 0   644  0   1.1mb   1.1mb
yellow open security-auditlog-2020.04.23 lGnEmAgETPmMcg0rqzMHig 1 1   768  0 361.7kb 361.7kb
green  open .kibana_task_manager_1       xP-DYERoTYS6zT3g0JR3lg 1 0     2  0  26.7kb  26.7kb
green  open .apm-agent-configuration     8UjsvJjlRlG7vdr50MfQJg 1 0     0  0    283b    283b
green  open ilm-history-1-000001         7c7IRPJQQBCjAX1vUDd0CA 1 0    18  0  25.3kb  25.3kb
green  open .kibana_1                    Jfrow1yoRDagBZzxfAqcdA 1 0   511 26 461.3kb 461.3kb
green  open .opendistro_security         kqcyE_MsRfSdw3kHevDgbg 1 0     6  0  32.5kb  32.5kb
green  open kibana_sample_data_flights   xC40h468Rp2YYzGoruRQPQ 1 0 13059  0   6.3mb   6.3mb

Logstash configuration

input {
  beats {
    port => 5044
    host => "0.0.0.0"
  }
}

output {
  file {
    path => "/root/%{[@metadata][beat]}-%{+YYYY.MM.dd}.txt"
  }

  elasticsearch {
    hosts => ["https://localhost:9200"]
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    user => "admin"
    password => "admin"
    ssl_certificate_verification => "false"
  }
}

Packetbeat testing connection

logstash: PRIVATE_IP:5044...
  connection...
    parse host... OK
    dns lookup... OK
    addresses: 167.71.226.87
    dial up... OK
  TLS... WARN secure connection disabled
  talk to server... OK

Files in /root

root@ubuntu-s-2vcpu-4gb-blr1-01:~# ls /root/
root@ubuntu-s-2vcpu-4gb-blr1-01:~#
2

On further investigation i have found that logstash is working fine

test.conf

input {
	stdin {}
}

output {
	file {
		path => "/root/file.txt"
	}

	stdout {
	}
}

/usr/share/logstash/bin/logstash -f test.conf

/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
       "message" => "hi",
      "@version" => "1",
          "host" => "ubuntu-s-2vcpu-4gb-blr1-01",
    "@timestamp" => 2020-04-24T12:49:15.347Z
}
hello
{
       "message" => "hello",
      "@version" => "1",
          "host" => "ubuntu-s-2vcpu-4gb-blr1-01",
    "@timestamp" => 2020-04-24T12:49:19.656Z
}

cat /root/file.txt

{"message":"hi","@version":"1","host":"ubuntu-s-2vcpu-4gb-blr1-01","@timestamp":"2020-04-24T12:49:15.347Z"}
{"message":"hello","@version":"1","host":"ubuntu-s-2vcpu-4gb-blr1-01","@timestamp":"2020-04-24T12:49:19.656Z"}
3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.