Before I installed x-pack, everything worked well. When I installed x-pack, I received a 401 error, and I configured the user according to the official documentation. But my Filebeat cannot connect to Logstash.
Logstash error message: [WARN] [logstash.agent] crisis pipeline {: id => ". Monitoring-logstash"}
Filebeat error message: ERR Connecting error publishing events (retrying): dial tcp 192.168.117.150:5044: connectex: No connection could be made because the target machine actively refused it.
This is my Logstash configuration file:
input {
  beats {
    port => "5043"
    ssl => false
  }
}
filter {
  if [message] =~ "^#" {
    drop {}
  }
  grok {
    match => {"message" => "%{TIMESTAMP_ISO8601:log_timestamp} %{WORD:sitename} %{IPORHOST:serverip} %{WORD:method} %{URIPATH:uri-stem} %{NOTSPACE:uri-query} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:clientip} %{NOTSPACE:useragent} %{NUMBER:response} %{NUMBER:subresponse} %{NUMBER:scstatus} %{NUMBER:time_taken}"}
  }
  date {
    locale => "en"
    match => ["log_timestamp","YYYY-MM-dd HH:mm:ss"]
    timezone => "Etc/UTC"
    remove_field => ["log_timestamp"]
  }
  mutate {
    remove_field => ["message","tags","input_type","beat"]
  }
}
output {
  elasticsearch {
    hosts => [ "localhost:9200" ]
    document_type => "iis_log"
    index => "dog-%{+YYYY.MM.dd}"
    user => logstash-index
    password => password
  }
}
This is my Filebeat configuration file:
filebeat.prospectors:
- input_type: log
  paths:
    - C:\inetpub\logs\LogFiles\W3SVC*
  document_type: iis_log
output.logstash:
  hosts: ["192.168.1.101:5043"]
  bulk_max_size: 1024
Because I copied these over, their formatting looks wrong here. In the test environment, the configuration file format is correct.