[Solved] Logstash does not work with beats

Elastic Stack Logstash
1

Hello,

  1. I installed the Logstash logstash-2.3.2-1.noarch.rpm to CentOS.

  2. Changed the config:
    input {
    beats {
    port => 5044
    }
    }
    output {
    elasticsearch {
    hosts => "srvis074.rccf.ru:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"
    }
    }

  3. tested config:
    [root@server bin]# ./logstash -f config.conf -t
    Configuration OK

  4. Check installed beats plugin:
    [root@server bin]# ./logstash-plugin list | grep beats
    logstash-input-beats

  5. Started the logstash service:
    [root@server bin]# service logstash status
    logstash is running

But winlogbeats cannot connect to server:5044:
2016/06/10 08:41:36.480268 single.go:152: INFO send fail
2016/06/10 08:41:36.480268 single.go:159: INFO backoff retry: 1m0s
2016/06/10 08:42:37.475388 single.go:126: INFO Connecting error publishing events (retrying): dial tcp server:504
4: connectex: No connection could be made because the target machine actively refused it.
2016/06/10 08:42:37.476364 single.go:152: INFO send fail
2016/06/10 08:42:37.477341 single.go:159: INFO backoff retry: 1m0s
2016/06/10 08:43:38.472460 single.go:126: INFO Connecting error publishing events (retrying): dial tcp server:504
4: connectex: No connection could be made because the target machine actively refused it.
2016/06/10 08:43:38.474413 single.go:152: INFO send fail
2016/06/10 08:43:38.474413 single.go:159: INFO backoff retry: 1m0s

2

isee next in the log:
logstash.err logstash.log logstash.stdout
[root@server elastic]# tail /var/log/logstash/logstash.log
{:timestamp=>"2016-06-10T11:27:51.194000+0300", :message=>"translation missing: en.logstash.runner.configuration.file-not-found", :level=>:error}
{:timestamp=>"2016-06-10T11:30:58.097000+0300", :message=>"translation missing: en.logstash.runner.configuration.file-not-found", :level=>:error}
{:timestamp=>"2016-06-10T11:44:27.028000+0300", :message=>"translation missing: en.logstash.runner.configuration.file-not-found", :level=>:error}

3

And I see next:
[root@server bin]# service logstash restart
Configuration error. Not restarting. Re-run with configtest parameter for details
[root@server bin]# ./logstash -f config.conf -t
Configuration OK

4

I find the reason of issue:
I have config in /opt/logstash/bin/ but it needed in /etc/logstash/conf.d/logstash.conf
I copied it to /etc/logstash/conf.d/ and restart the service logstash and now it working fine