Logstash send logs to monitoring cluster

caseydm · February 21, 2022, 5:43pm

Hi all. I'm using logstash to send data from redshift to Elasticsearch. I monitor my pipelines with metricbeats, and am able to see general statistics about logstash within my monitoring cluster. What I can't see is logs. Is there a simple way to send logs from logstash into Elasticsearch?

leandrojmp · February 21, 2022, 7:34pm

You should use a Filebeat to read the logstash logs and send it to your monitoring cluster.

rugenl · February 21, 2022, 10:21pm

Also see filebeat module enable logstash

caseydm · February 22, 2022, 2:09pm

Thank you! I tried it out but I'm not seeing any log data in Kibana. I'm using elastic cloud. I wonder what I am doing wrong? My metricbeats works properly, and I can see that filebeat has started successfully.

Here is my configuration:

docker compose

version: "3"
services:
  logstash:
    image: docker.elastic.co/logstash/logstash:7.15.1
    environment:
      - NODE_NAME=concepts
      - XPACK_MONITORING_ENABLED=false
      - "LS_JAVA_OPTS=-Xmx3g -Xms3g"
    env_file:
      - .env
    volumes:
      - ./jars/:/usr/share/jars/
      - ./pipeline/:/usr/share/logstash/pipeline/
      - ./sql_last_value.yml:/usr/share/sql_last_value.yml
    command: logstash
  metricbeat:
    image: docker.elastic.co/beats/metricbeat:7.15.1
    depends_on:
      - logstash
    env_file:
      - .env
    volumes:
      - ./metricbeat.yml:/usr/share/metricbeat/metricbeat.yml

  filebeat:
    image: docker.elastic.co/beats/filebeat:7.15.1
    depends_on:
      - logstash
    env_file:
      - .env
    volumes:
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml

filebeat.yml

filebeat.modules:
- module: logstash
  log:
    enabled: true

output:
  elasticsearch:
    hosts: ["${ES_HOST_MONITORING_PROD}"]
    username: "${ES_USER_MONITORING_PROD}"
    password: "${ES_PASSWORD_MONITORING_PROD}"

metricbeat.yml

metricbeat.modules:
- module: logstash
  metricsets:
    - node
    - node_stats
  period: 10s
  hosts: ["logstash:9600"]
  xpack.enabled: true
  strict.perms: false

output:
  elasticsearch:
    hosts: ["${ES_HOST_MONITORING_PROD}"]
    username: "${ES_USER_MONITORING_PROD}"
    password: "${ES_PASSWORD_MONITORING_PROD}"

leandrojmp · February 22, 2022, 2:19pm

Filebeat needs to have access to the Logstash logs, you are running filebeat on a different container, this won't work.

I do not use docker, so I can't help further, but you need to look on how to configure filebeat to read docker logs.

system · March 22, 2022, 2:20pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ElasticSearch Cluster: Logstash works, but does not show up on kibana dashboard Logstash elastic-stack-monitoring , docker	0	17	September 8, 2024
Filebeat harvester started but not sending logs to logstash / kibana Elasticsearch	8	3463	February 1, 2021
Filebeat fails to send docker container logs to Logstash Beats filebeat	4	3587	July 4, 2018
Filebeat Is not Sending Logs to Logstash even Harvesting Successfull Beats filebeat	3	2944	February 24, 2020
Filebeat is not sending logs to Logstash Beats docker , filebeat	0	196	June 23, 2024

Logstash send logs to monitoring cluster

docker compose

filebeat.yml

metricbeat.yml

Related topics