Hello and good time to you,
I have installed Elasticsearch along with Kibana, and I installed the Netflow record on Kibana to receive Netflow from Cisco Switch 2960. However, the Cisco Netflow logs are not being displayed in order for me to design a dashboard for them. That's why I installed Filebeat on the Kibana server.
When I enter the command filebeat setup, I encounter the following error:
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://localhost:9200: Get "http://localhost:9200": EOF]
I have checked everything in Elasticsearch. The service is running and there don't seem to be any issues with Elasticsearch. However, when I use the following command: curl localhost:9200, I encounter the error: curl: (52) Empty reply from server.
When I use curl in the following format: curl https://192.168.3.95:9200 --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic, everything works fine and I get the following output:
{
  "name" : "elk",
  "cluster_name" : "elk.local",
  "cluster_uuid" : "_XQzrBqPQbaULAMZmOc84A",
  "version" : {
    "number" : "8.9.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "8aa461beb06aa0417a231c345a1b8c38fb498a0d",
    "build_date" : "2023-07-19T14:43:58.555259655Z",
    "build_snapshot" : false,
    "lucene_version" : "9.7.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}
The configuration for the elasticsearch section in the filebeat.yml file is as follows:
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.3.95:9200"]
  # Protocol - either `http` (default) or `https`.
  #protocol: "https"
  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "ODezoT8*T1MA3139Xu6N"
However, when I run the command filebeat setup, I encounter the following error:
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://192.168.3.95:9200: Get "http://192.168.3.95:9200": EOF]
To resolve this issue, I changed the value in the elasticsearch.yml file from xpack.security.enabled: true to xpack.security.enabled: false. However, Kibana stopped working and I had to reinstall it.
I only want to receive Netflow from Cisco Switch in Kibana and design a dashboard for it, but I don't know why it's not working. I was able to easily receive Netflow from the Cisco Switch in Graylog and design a dashboard for it. I expected to do the same without any issues in Kibana, but I have encountered several problems. I even enabled Logstash and configured it for receiving Netflow, but still, the Netflow logs are not being displayed in Kibana for me to design a dashboard. I have tried many things, and I no longer know what else to do. If you have any experience in this regard, please guide me to solve my problem. Otherwise, I may lose my work.
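An added example, not part of the original post: the two curl results above show that port 9200 answers only over TLS, while the posted filebeat.yml gives no scheme, so Filebeat falls back to plain http and gets EOF. The fragment below shows the posted output section beside a TLS-aware one that leaves xpack.security enabled. It assumes the CA file used in the working curl command is readable by the Filebeat process, and ES_PWD is a hypothetical keystore key name.

```yaml
# filebeat.yml (added example, not the poster's file)

# Before: no scheme and protocol commented out, so Filebeat uses http://
# against a listener that only speaks HTTPS. Result: "Get http://...: EOF".
#output.elasticsearch:
#  hosts: ["192.168.3.95:9200"]
#  #protocol: "https"

# After: connect over HTTPS and verify the server against the same CA
# that the working curl command passed with --cacert.
output.elasticsearch:
  hosts: ["https://192.168.3.95:9200"]
  ssl:
    enabled: true
    # Assumption: this path exists on the Filebeat host and is readable
    # by the user Filebeat runs as.
    certificate_authorities: ["/etc/elasticsearch/certs/http_ca.crt"]
    # "full" (the default) checks both the chain and the host name or IP
    # in the certificate; stated here so it is not weakened by accident.
    verification_mode: full
  username: "elastic"
  # Assumption: ES_PWD is a key added with `filebeat keystore add ES_PWD`,
  # which keeps the password out of the plain-text config file.
  password: "${ES_PWD}"
```

With certificate verification in place there is no need to set xpack.security.enabled to false in elasticsearch.yml.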