Run Elastic Search and Logstash on different servers

Elastic Stack Elasticsearch
1

Hello everyone,
I am using logstash on a linux based server . I am collecting the logs on this server and after processing the logs with logstash i want to send these logs to elastic search which is on an amazon ec-2 instance . for this what are the changes i will have to make in logstash config file and elasticsearch.yml ,logstash.yml file...i am changing the logstash output filter from hosts => ["localhost:9200"] to hosts => ["ec-2ip:9200"] . Do i have to change anything else or should there be any protocol enabled between these two servers . TCP is enabled between them.
any help would be greeted .
thanks in advance .

Screenshot (45)
Screenshot (45)1920×1080 106 KB
Screenshot (47)
Screenshot (47)1920×1080 106 KB

2

please stop requiring immediate help in the different posts that you have created. This forum is based on volunteers helping out, please respect this. if you need commercial support within SLAs, you can get more information at https://www.elastic.co/subscriptions

Also, refrain from using screenshots, those are unreadable. This forums supports markdown and formatting code snippets with markdown is a breeze and makes things a million times readable.

Also, there is no error message here so I am not sure what you are asking. If something is not working, please help us identify that something.

Thank you!

3

If you can query Elasticsearch API from the Logstash machine, then you should be good to go.

So try curl http://ec-2ip:9200

If that does not work you have to figure out what in your network is blocking the call.

nc is also good. You should be able to nc -v -z ec-2ip 9200 from the Logstash machine when the network is open.

Example successful outputs

$ curl ec-2ip:9200
{
  "name" : "ec-2ip",
  "cluster_name" : "my_cluster",
  "cluster_uuid" : "FH9URg-dSYGzGBs45gsO7A",
  "version" : {
    "number" : "6.8.6",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "3d9f765",
    "build_date" : "2019-12-13T17:11:52.013738Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.2",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
$ nc -v -z ec-2ip 9200
ec-2ip.example.com [10.4.240.115] 9200 (?) open
4

spinscale first of all click on the screenshot then u will be able to see them. And i just asked for help nothing else .if u can't do the same then atleast do not comment anything on my question.
Thanks!!

5

Ok i will check this thanks!!

6

Please read https://discuss.elastic.co/guidelines

Thanks

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.