Need help with Logstash/Filebeat working with Kibana

Elastic Stack Beats
1

I am trying to ingest data into kibana using a logstash via a filebeat but the data isn't being transferred by my filebeat for some reason... Would you guys be able to help?

The link below is the code to my logstash-sample.conf file. It is pointing to the correct ports, and our index' name in Kibana is logstash*

https://pastebin.com/ZAhyNhDa

Below this is the link to our filebeat module. I switched the localhost to the IP of the server kibana is on but that didn't seem to do anything so I switched it back to localhost.... Would anyone be able to help me out? I can't find any tutorials that will help online.

https://pastebin.com/1pUvhnmr

2

For introduction on setting up the stack see Getting Started (Filebeat) and Getting Started with the Elastic Stack.

Any errors in your logs?

3

I am receiving this error

2018-10-23T17:59:36.146Z ERROR pipeline/output.go:100 Failed to connect to backoff(async(tcp://10.100.130.72:5044)): dial tcp 10.100.130.72:5044: connect: connection refused
2018-10-23T17:59:36.146Z INFO pipeline/output.go:93 Attempting to reconnect to backoff(async(tcp://10.100.130.72:5044)) with 4 reconnect attempt(s)

My original error was due to logstash being commented out so I fixed the original issue but now i am getting this in my filebeat logs

4

Is Logstash running?

5

Yes, I found out I had some ports wrong so I am having two different errors now....

[2018-10-25T08:38:28,259][WARN ][filewatch.tailmode.handlers.createinitial] open_file OPEN_WARN_INTERVAL is '300'

[2018-10-25T08:38:29,111][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://127.0.0.1:9200/, :path=>"/"}

[2018-10-25T08:38:29,112][INFO ][logstash.outputs.elasticsearch] Running health check to see if an Elasticsearch connection is working {:healthcheck_url=>http://127.0.0.1:9200/, :path=>"/"}

[2018-10-25T08:38:29,113][WARN ][logstash.outputs.elasticsearch] Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"http://127.0.0.1:9200/", :error_type=>LogStash::Outputs::E:

This is in my logstash log file

6

is Elasticsearch running?

7

Yes everything that should be running is running however we get that error when we run the service with service logstash start. we don’t get the error if we run It manually though. Why is that?

8

What exactly do you type on CLI when running logstash manually? Is there a chance the service logstash start picks up a wrong configuration file?

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.