Standard "Filebeat won't send to Logstash" question

Elastic Stack Beats
1

I can't seem to find any hint in my logs that Filebeats is even trying to send the logs. This is version 6.2.3.

#=========================== Filebeat prospectors =============================

filebeat.prospectors:

# Each - is a prospector. Most options can be set at the prospector level, so
# you can use different prospectors for various configurations.
# Below are the prospector specific configurations.

- type: log

  # Change to true to enable this prospector configuration.
  enabled: false

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /var/log/suricata/eve.json
    - /var/log/*.log
    #- c:\programdata\elasticsearch\logs\*

My logstash does seem to accept data from 1.2.3 but I upgraded to 6.2.3 and can't send anymore.

output.elasticsearch:
  hosts: ["192.168.1.42:9200"]
2

You have the Elasticsearch output enabled. To send to LS you must enabled the Logstash output.

3

filebeat not forwarding logs to logstash

Please give me the solution for forwarding the log to logstash from filebeat, were the filebeat and logstash are in different VM

am getting the error of :
2018-04-10T11:39:05.750Z ERROR pipeline/output.go:74 Failed to connect: dial tcp 192.168.2.5:5044: getsockopt: connection refused

I just want to use the only filebeat and logstash.

4

Here you find details on how to setup Logstash output for Filebeat: https://www.elastic.co/guide/en/beats/filebeat/current/config-filebeat-logstash.html

Running filebeat test output should give you some more info on what is not setup correctly.

5

Hi snowy,

please set below parameter as "TRUE" and restart your filebeat and check.

Change to true to enable this prospector configuration.
enabled: true

Thanks,
Harsh Bajaj

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.