I use the container created by the Docker images docker.io/sebp/elk. When Filebeat connects to Elasticsearch, the information is displayed perfectly in Kibana.But after Filebeat connected to Logstash, Filebeat logs reported some errors:
2020-09-15T18:16:25.207+0800 ERROR pipeline/output.go:121 Failed to publish events: client is not connected
2020-09-15T18:16:25.207+0800 INFO pipeline/output.go:95 Connecting to backoff(async(tcp://localhost:5044))
2020-09-15T18:16:25.207+0800 INFO pipeline/output.go:105 Connection to backoff(async(tcp://localhost:5044)) established
2020-09-15T18:16:25.256+0800 ERROR logstash/async.go:256 Failed to publish events caused by: EOF
2020-09-15T18:16:25.304+0800 ERROR logstash/async.go:256 Failed to publish events caused by: client is not connected
This is my instruction to create ELK:
docker run -d -p 5601:5601 -p 9200:9200 -p 5044:5044 --name elk abce9b
Below is my Filebeat configuration file:
#-------------------------- Elasticsearch output ------------------------------
#output.elasticsearch:
#hosts: ["localhost:9200"]
#protocol: "https"
#username: "elastic"
#password: "changeme"
#----------------------------- Logstash output --------------------------------
output.logstash:
hosts: ["localhost:5044"]
#ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]
#ssl.certificate: "/etc/pki/client/cert.pem"
#ssl.key: "/etc/pki/client/cert.key"