Hello,
Please find the below URL where you can access more lines.
Thanks,
Ravi
I can not debug all this for you....
So you see the logs being printed to the screen...
That means Filebeat - Logstash is working
Are there errors in logstash when trying to write?
did you check to see if they are in discover?
is the data
when you run
GET _cat/indices?v
do you see the logs being added?
I am not sure what you need help with ... get in and dig 
output {
elasticsearch {
hosts => [ "http://localhost:9200" ]
user => "elastic"
password => "wakfgtqwJYKgYdYsKkE8"
}
stdout {}
}
If that is your output thye logs are probably written to an indext that starts with logstash-*
Hello,
My apologies for the late response on this topic.
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .reporting-2023-12-03 wPLklvtUSMqva6wIzY-DxQ 1 0 1 0 1.9mb 1.9mb
green open .transform-internal-007 Ayt0RmYQQFioUUIKhzuM1A 1 0 6 0 54.5kb 54.5kb
yellow open filebeat-8.11.2-2024.01.12 ATocymT0SVy1sYqYmivaxg 1 1 1224750 0 405.2mb 405.2mb
green open .apm-agent-configuration tI3nICpPQlWLzlPVFJPg3w 1 0 0 0 227b 227b
yellow open filebeat-8.11.2-2024.01.11 4CmGRMeURxGMyatRaPf-Wg 1 1 1763247 0 578.6mb 578.6mb
yellow open filebeat-7.17.15-2024.03.11-000073 Y7Nhmv2JT46zwrtja6DtvQ 1 1 11546264 0 1.4gb 1.4gb
yellow open logstash-2024.03.08-000001 n4iZZpd9QJe9AFmHyABMqg 1 1 138517853 0 50.7gb 50.7gb
green open .tasks 7c--yr7bTOe8ADz4vJ6ZsQ 1 0 33 1 67.9kb 67.9kb
green open metrics-endpoint.metadata_current_default 3RsBBNWJTw2QR53mEpYuQA 1 0 0 0 227b 227b
yellow open filebeat-8.11.1 fWtscFyTTsOZP9DnS6_cYA 1 1 2851986 0 1.2gb 1.2gb
green open .geoip_databases 4vJGhr5ySUWyUoNXYZxXbw 1 0 39 34 40.1mb 40.1mb
yellow open filebeat-8.11.2 nX0LPRrnTd2QBmjsBW_l3g 1 1 28183267 0 8.7gb 8.7gb
green open .security-7 z0KQ9irSTiSo_iXkCXkl9Q 1 0 61 0 248.5kb 248.5kb
yellow open filebeat-8.10.4 HbQfL0pGS_ClJLLBWGFYUQ 1 1 9453838 0 2gb 2gb
green open .apm-custom-link rH28BebpTOKIA2KpKxR4aw 1 0 0 0 227b 227b
yellow open filebeat-8.10.4-2024.01.12 7ah5nAK6ShSf8oQhCSar3w 1 1 51352 0 10.2mb 10.2mb
yellow open filebeat-7.17.18 bAT3d_jqRheAXz0JAA6YUQ 1 1 40334257 0 16.4gb 16.4gb
yellow open filebeat-7.17.15-2024.01.12 S_Xu9N9wQXmIPogZl0a9Aw 1 1 7726 0 4.6mb 4.6mb
yellow open logstash-2024.03.12-000002 ckNw2berTK2HbdvnBROgpQ 1 1 87825138 0 35.8gb 35.8gb
green open .async-search NjkQXv-hS2m8W7GzLjcbFA 1 0 2 2 600.9kb 600.9kb
green open .kibana_7.17.15_001 XT8tkEdKSASxfkVb5__Xig 1 0 7552 29 20.8mb 20.8mb
green open .kibana_task_manager_7.17.15_001 XOJAZtH8TxCO_fsH-I0cqA 1 0 18 191 533.7kb 533.7kb
green open .fleet-policies-7 qEihwqZ3RPeAYMI7Lccj1g 1 0 2 0 13.4kb 13.4kb
green open .metrics-endpoint.metadata_united_default npv867Q9SDaiWVrwtFH9zw 1 0 0 0 227b 227b
It showed for Mar13 and after which I have reverted back the changes to the previous, as this is a production.
Today, when we planned to apply the basic security again on the production, we ended up with the same situation where it stopped logging in the Kibana GUI > Discover
I have verified on the username password in the /etc/logstash/conf.d/02-beats-input.conf which seems to be correct because when I run the curl with the same credentials I could see the curl response.
# date && curl -u elastic:wakfgtqwJYKgYdYsKkE8 http://localhost:9200
Fri Mar 15 13:04:44 UTC 2024
{
"name" : "ip-192-168-135-26",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "6Vzvcn7yTduloVhwrkG1jA",
"version" : {
"number" : "7.17.15",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "0b8ecfb4378335f4689c4223d1f1115f16bef3ba",
"build_date" : "2023-11-10T22:03:46.987399016Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
Not sure what to tell you. I don't think you're running the config Think you are. That is the point I've been trying to make.