I am trying to setup logstash behind a load balancer which seems to be something that has been mentioned by plenty of other people and seems trivial. I have no issues with the health check when I use an ALB where the health check is using the monitoring API on 9600, but I need to send traffic on the beats port which isn't using http so the traffic fails to go through. However, when I try to use an NLB regardless of whether I use TCP health check or an HTTP health check on 9600 or a TCP check on 5044 (for beats), the check always fails.
I have no issues curling or netcat-ing port 9600 from outside the instance.
Does anyone know why this is? What am I missing?