Logstash won't forward to Elasticsearch via output plugin

james_mtl · June 15, 2018, 7:57pm

I am trying to modify an existing ELK configuration. Logs are being sent to Logstash via syslog and then forwarded to an Elasticsearch cluster.

I am trying to switch our Elasticsearch endpoints to AWS' ES service. I have modified the existing logstash.conf. AWS is not seeing new data being sent. When I revert the previous configuration the old Elasticsearch servers are not receiving data any more either and nothing is being written to the log file. I am not able to find anything useful here.

I installed logstash-output-amazon_es output plugin. I used sudo to install the plugin.. My best guess is that it screwed up permissions. Honestly I'm really stuck troubleshooting this problem as I have no logs to look at. What is going on here?

warkolm · June 15, 2018, 8:34pm

Sounds like something with the AWS specific output plugin.

But I don't think anyone here has knowledge on that one sorry, you may need to try the AWS forums.

james_mtl · June 18, 2018, 3:52pm

The issue was related to the permissions.

Additionally, I needed to create an IAM Role and EC2 Instance Profile.

system · July 16, 2018, 3:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.