LoLogs are not coming from filebeat to logstash to elasticsearch

Neelam_Zanvar · April 21, 2023, 10:17am

Hi, I have installed filebeat on my windows machine. I've enabled the systema nd logstash module.
Here is the filebeat.yml

- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - C:\ProgramData\filebeat\logs\*
  fields:
    type: windows_log
  fields_under_root: true


filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

output.logstash:
  # The Logstash hosts
  hosts: ["logstash-ip:5044"]

 .\filebeat -e -c "C:\Program Files\Filebeat\filebeat.yml" test output
{"log.level":"info","@timestamp":"2023-04-21T12:47:01.489+0530","log.origin":{"file.name":"instance/beat.go","file.line":724},"message":"Home path: [C:\\Program Files\\Filebeat] Config path: [C:\\Program Files\\Filebeat] Data path: [C:\\Program Files\\Filebeat\\data] Logs path: [C:\\Program Files\\Filebeat\\logs]","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-21T12:47:01.490+0530","log.origin":{"file.name":"instance/beat.go","file.line":732},"message":"Beat ID: cea733d5-40bd-4c1e-adad-0041a5258c1f","service.name":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-04-21T12:47:04.522+0530","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/provider_aws_ec2.go","file.line":81},"message":"read token request for getting IMDSv2 token returns empty: Put \"http://169.254.169.254/latest/api/token\": context deadline exceeded (Client.Timeout exceeded while awaiting headers). No token in the metadata request will be used.","service.name":"filebeat","ecs.version":"1.6.0"}
logstash: LOGSTASH:5044...
  connection...
    parse host... OK
    dns lookup... OK
    addresses: LOGSTASH IP
    dial up... OK
  TLS... WARN secure connection disabled
  talk to server... OK

Here is my logstash pipeline conf file

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => "http://elasticsearch-ip:9200"
    index => "test%{+YYYY.MM.dd}"
    user => "usr"
    password => "pwd"
  }
}

When i start logstash the status shows active.
But the logs are not coming

Here is the status of logstash service

![image|690x316](upload://q67HPWFDx8kOwk2G8GfjfwxtFLf.png)

There are no logs on elasticsearch index

If i run logstash in debug mode
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/first_pipeline.conf --debug

I am getting address already in use. Even after i kill the other logstash process

system · May 19, 2023, 10:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sending logs from filebeat(WIndows) to Logstash and Elasticsearch(RHEL) Beats windows , filebeat	6	1508	May 23, 2023
Filebeat not sending logs to logstash (port 5044 ) Beats filebeat	18	3389	March 19, 2021
Sending logs from Filebeat(windows) to Logstash(Linux) Logstash	3	421	June 21, 2023
How to troubleshoot Windows Filebeat to logstash Beats filebeat	4	2419	February 26, 2019
Filebeat is not sending logs to Logstash, logstash is localhost Logstash	5	882	October 29, 2020

LoLogs are not coming from filebeat to logstash to elasticsearch

Related Topics