Not getting logs from filebeat to logstash

narasimha · September 28, 2018, 10:12am

I am new to ELK stack, I am trying to get the logs from filebeat to logstash and display on stand output(terminal).

Filebeat configuration:

filebeat.inputs:

type: log

Change to true to enable this input configuration.

enabled: true

Paths that should be crawled and fetched. Glob based paths.

paths:
- /home/narasimha/DevOps/logstash-tutorial.log
  #- c:\programdata\elasticsearch\logs*

#output.elasticsearch:

Array of hosts to connect to.

hosts: ["localhost:9200"]

.......
#----------------------------- Logstash output --------------------------------
output.logstash:

The Logstash hosts

hosts: ["localhost:5044"]

Logstash configuration:

input {
beats {
port => "5044"
}
}

The filter part of this file is commented out to indicate that it is

optional.

filter {

}

output {
stdout { codec => rubydebug }
}

After above configuration changes, I started filebeat service, and after that i run below command.
sudo ./filebeat -e -c filebeat.yml -d "publish"

The following logs keep on generating.
2018-09-28T13:56:49.521+0530 INFO [monitoring] log/log.go:149 Total non-zero metrics {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":70,"time":{"ms":75}},"total":{"ticks":130,"time":{"ms":142},"value":130},"user":{"ticks":60,"time":{"ms":67}}},"info":{"ephemeral_id":"a841dc35-2fac-4178-ba86-67c1c9f7169b","uptime":{"ms":193709}},"memstats":{"gc_next":4194304,"memory_alloc":2145872,"memory_total":5117432,"rss":22495232}},"filebeat":{"events":{"added":1,"done":1},"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0},"reloads":1},"output":{"type":"logstash"},"pipeline":{"clients":0,"events":{"active":0,"filtered":1,"total":1}}},"registrar":{"states":{"current":1,"update":1},"writes":{"success":2,"total":2}},"system":{"cpu":{"cores":4},"load":{"1":1.35,"15":1.43,"5":1.45,"norm":{"1":0.3375,"15":0.3575,"5":0.3625}}}}}}

The same time I have tested the logstash config it says Ok, after that I run below command.

bin/logstash -f first-pipeline.conf --config.reload.automatic

It has stopped at the below line, after that I am not getting any logs from filebeat.

[INFO ] 2018-09-28 13:56:11.242 [[main]<beats] Server - Starting server on port: 5044
[INFO ] 2018-09-28 13:56:11.597 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600}

Please help on the same

system · October 26, 2018, 10:12am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat is not sending the data to logstash Beats filebeat	3	880	July 30, 2019
Filebeat and Logstash are running but no output on logstash Beats	2	1306	July 28, 2020
Filebeat to Logstash to ES Logstash	16	1101	October 6, 2020
LogStash not showing output on console Logstash	2	489	October 8, 2020
My Logstash is not receiving any data from Filebeat, its just listening to the port Logstash beats-module	6	3301	August 19, 2019