Physical hosts with beats to server with ELK docker containers?

So here’s my conundrum. Currently using a vm with a bunch of docker containers on it. Included in these is the ELK docker compose by deviantony on GitHub.

Now I have a few laptops that I want forwarding logs to the server hosting the vm with ELK on it. The docker compose exposes 5044 and I want to forward via winlogbeat from the laptops… except it’s just not happening

Every time I get beats configged okay, the test output comes back as unable to reach logstash.

The ELK stack is on a docker bridge network atm but 5601, 9200 and 5044 are all exposed and listening. Beats fails to connect with both elasticsearch and logstash outputs configured.

My question is, has anyone managed to forward to a logstash container from beats? And if so, how should I change my approach? (Worked with elastic for a couple of years but still dipping my toes into docker so explain like I’m 5 plz.)

Hi @rhyejam and welcome to the community!

I believe that if the containers are using a bridged network driver, then you have to make sure you're configuring beats to send to the docker HOST with the exposed port.

For example, let's say my physical host is server01 which is running docker and I have a Logstash container setup as logstash-container01 which is exposing port 5044. Then I have another device (laptop) called laptop01 with Beats installed. In Beats (on the laptop), I would specify the output to be server01:5044. The bridged network in docker would then route the traffic intended for 5044 down into the container for Logstash.
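
A reachability check to run from a laptop before `winlogbeat test output`, added here as an example and not part of the original posts: it attempts a TCP connection to each published port on the Docker host and separates name-resolution failures, refusals and timeouts. `server01` is the placeholder host name from the answer above; the function name, timeout and the listed typical causes are assumptions of this example.

```powershell
# Added example. 'server01' is the placeholder Docker host name from the answer;
# replace it with the name or IP of the machine that publishes port 5044.
param(
    [string]$DockerHost = 'server01',
    [int[]]$Ports = @(5044, 9200, 5601),
    [int]$TimeoutMs = 3000
)

function Test-PublishedPort {
    # Hypothetical helper: returns 'open', 'timeout', or the socket error name.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        if (-not $task.Wait($TimeoutMs)) { return 'timeout' }
        return 'open'
    } catch {
        # Unwrap the AggregateException to reach the underlying socket error.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            return $inner.SocketErrorCode.ToString()
        }
        return $inner.GetType().Name
    } finally {
        $client.Close()
    }
}

# Typical causes for each outcome (general networking behaviour, not page-specific).
$meaning = @{
    'open'              = 'reachable; use this host:port in the Beats output'
    'timeout'           = 'no reply; packets dropped (host/VM firewall or VM network mode)'
    'TimedOut'          = 'no reply; packets dropped (host/VM firewall or VM network mode)'
    'ConnectionRefused' = 'host answered, but nothing is published on this port/address'
    'HostNotFound'      = 'name does not resolve from this laptop; use the IP or fix DNS'
}

foreach ($port in $Ports) {
    $result = Test-PublishedPort -HostName $DockerHost -Port $port -TimeoutMs $TimeoutMs
    $note = if ($meaning.ContainsKey($result)) { $meaning[$result] } else { 'other error; see Result' }
    [pscustomobject]@{ Target = "${DockerHost}:$port"; Result = $result; Meaning = $note }
}
```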
