Logstash output loki tcp error

Elastic Stack Logstash
1

Hi everyone!

I have a first pipeline running well Fileabeat -> Logstash -> Elasticsearch.
Now I'm trying to run Fileabeat -> Logstash -> Loki but there is a connection error, the message come from Filebeat:

{"log.level":"error","@timestamp":"2022-02-25T16:32:05.518+0100","log.logger":"logstash","log.origin":{"file.name":"logstash/async.go","file.line":280},"message":"Failed to publish events caused by: write tcp 127.0.0.1:55224->127.0.0.1:5044: wsasend: An existing connection was forcibly closed by the remote host.","service.name":"filebeat","ecs.version":"1.6.0"}

{"log.level":"error","@timestamp":"2022-02-25T16:32:06.727+0100","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":176},"message":"failed to publish events: write tcp 127.0.0.1:55224->127.0.0.1:5044: wsasend: An existing connection was forcibly closed by the remote host.","service.name":"filebeat","ecs.version":"1.6.0"}

{"log.level":"info","@timestamp":"2022-02-25T16:32:06.727+0100","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":139},"message":"Connecting to backoff(async(tcp://localhost:5044))","service.name":"filebeat","ecs.version":"1.6.0"}

{"log.level":"info","@timestamp":"2022-02-25T16:32:06.729+0100","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipeline/client_worker.go","file.line":147},"message":"Connection to backoff(async(tcp://localhost:5044)) established","service.name":"filebeat","ecs.version":"1.6.0"}

I don't understand this error "An existing connection was forcibly closed by the remote host".

Regarding my Logstash configuration, I copy paste the one for Elasticsearch, and I just changed the output:

input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => {"message" => '<my very long grok>'}
  }
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss.SSSSSSSSS"]
    target => "timestamp"
  }
  mutate {
    remove_field => ["[tags]", "[agent]", "[log]", "[ecs]", "[version]", "[event]", "[host]", "[message]", "[@version]", "[input]"]
  }
}
output {
  loki {
    url => "http://localhost:3100/loki/api/v1/push"
  }
}

Also, I already activate the output like this:

 .\bin\logstash-plugin install logstash-output-loki

And the response was positiv.

So, back to my problem, there is a tcp error that I do not understand...
Thanks for your time!

2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.