Hello,
I've been trying to use the RabbitMQ input plugin for Logstash with the Cisco AMP API. More specifically, I want to connect to a stream and continuously listen for events and send that to our ELK stack.
However, I am having difficulties even getting Logstash to apply the configuration correctly.
This is my very basic and only configuration file in /etc/logstash/conf.d/:
input {
  rabbitmq {
    host => "export-streaming.eu.amp.cisco.com"
    user => "1123123123"
    password => "123123123123"
    queue => "event_stream_169"
    port => 443
    subscription_retry_interval_seconds => 5
  }
}
output {
  elasticsearch {
    hosts => ["https://logstash.asgard.local:9200"]
    user => logstash
    password => "logstash"
    ssl => true
    ssl_certificate_verification => false
    cacert => "/etc/logstash/root-ca.pem"
  }
  stdout { codec => rubydebug }
}
However, I can see in the log that it tries to go to localhost:5672. It seems that some of my configuration files aren't applied?
Dec 04 15:35:38 lab01ubu logstash[12376]: [2018-12-04T15:35:38,618][ERROR][logstash.inputs.rabbitmq ] RabbitMQ connection error, will retry. {:error_message=>"Connection to localhost:5672 refused", :exception=>"MarchHare::ConnectionRe