Multiple filebeat to logstash

MLdz · October 17, 2017, 1:30pm

Hello,
i want to connect two filebeat (which are on two differents remote machine) to Logstash.
i did the configuration on the filebeat.yml with the host of the ELK server.
The problem: in Kibana , i dont see the log of the 2 remote machine.
I can see just the log of the 1st machine, or the log of the 2nd machine.
What should I configure to see the logs of both machines at once?
logstash.conf :

input { beats { port => 5044 } }
   output {
      elasticsearch {
        hosts => ["localhost:9200"]
           }
    }

magnusbaeck · October 17, 2017, 2:25pm

Check the Filebeat logs on the machine whose logs don't show up in Kibana.

MLdz · October 18, 2017, 8:36am

In the filebeat logs , no problem, just :

2017-10-18T10:30:13+02:00 INFO No non-zero metrics in the last 30s

magnusbaeck · October 18, 2017, 10:56am

And what does the Filebeat configuration look like? Have you tried bumping the log level to get more clues?

MLdz · October 18, 2017, 12:36pm

#=========================== Filebeat prospectors =============================

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- input_type: log

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/httpd/*
    #- c:\programdata\elasticsearch\logs\*

#================================ Outputs =====================================

# Configure what outputs to use when sending the data collected by the beat.
# Multiple outputs may be used.

#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
  # Array of hosts to connect to.
  #hosts: ["localhost:9200"]

  # Optional protocol and basic auth credentials.
  #protocol: "https"
  #username: "elastic"
  #password: "changeme"

#----------------------------- Logstash output --------------------------------#
output.logstash:
  # The Logstash hosts
  hosts: ["192.18.53.12:5044"]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/client/cert.pem"

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

#================================ Logging =====================================

# Sets log level. The default log level is info.
# Available log levels are: critical, error, warning, info, debug
#logging.level: error

# At debug level, you can selectively enable logging only for some components.
# To enable all selectors use ["*"]. Examples of other selectors are "beat",
# "publish", "service".
#logging.selectors: ["*"]

The configuration of the filebeat, with the host of the ELK stack

system · November 15, 2017, 12:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.