LoLogs are not coming from filebeat to logstash to elasticsearch

Hi, I have installed filebeat on my windows machine. I've enabled the systema nd logstash module.
Here is the filebeat.yml

- type: filestream

  # Unique ID among all inputs, an ID is required.
  id: my-filestream-id

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
    - C:\ProgramData\filebeat\logs\*
    type: windows_log
  fields_under_root: true

  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # The Logstash hosts
  hosts: ["logstash-ip:5044"]

 .\filebeat -e -c "C:\Program Files\Filebeat\filebeat.yml" test output
{"log.level":"info","@timestamp":"2023-04-21T12:47:01.489+0530","log.origin":{"":"instance/beat.go","file.line":724},"message":"Home path: [C:\\Program Files\\Filebeat] Config path: [C:\\Program Files\\Filebeat] Data path: [C:\\Program Files\\Filebeat\\data] Logs path: [C:\\Program Files\\Filebeat\\logs]","":"filebeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2023-04-21T12:47:01.490+0530","log.origin":{"":"instance/beat.go","file.line":732},"message":"Beat ID: cea733d5-40bd-4c1e-adad-0041a5258c1f","":"filebeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2023-04-21T12:47:04.522+0530","log.logger":"add_cloud_metadata","log.origin":{"":"add_cloud_metadata/provider_aws_ec2.go","file.line":81},"message":"read token request for getting IMDSv2 token returns empty: Put \"\": context deadline exceeded (Client.Timeout exceeded while awaiting headers). No token in the metadata request will be used.","":"filebeat","ecs.version":"1.6.0"}
logstash: LOGSTASH:5044...
    parse host... OK
    dns lookup... OK
    addresses: LOGSTASH IP
    dial up... OK
  TLS... WARN secure connection disabled
  talk to server... OK

Here is my logstash pipeline conf file

input {
  beats {
    port => 5044

output {
  elasticsearch {
    hosts => "http://elasticsearch-ip:9200"
    index => "test%{+YYYY.MM.dd}"
    user => "usr"
    password => "pwd"

When i start logstash the status shows active.
But the logs are not coming

Here is the status of logstash service


There are no logs on elasticsearch index

If i run logstash in debug mode
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/first_pipeline.conf --debug

I am getting address already in use. Even after i kill the other logstash process

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.