I followed all the steps mentioned here readthedocs but my filebeat is not sending logs to the url http://localhost:9200/_search?pretty.
my filebeat.yml file is - https://ghostbin.com/paste/rrjeh
I didn't config any logstash file as mentioned.
my registry file is filling after starting of filebeat and filebeat log (syslog) is showing no error regarding filebeat
In the bottom of /etc/filebeat/filebeat.yml you should see a "logging" section. You will need to uncomment it and fill in the appropriate fields for you. Maybe some logging output would be helpful in formulating your question.
logging:
to_files: true
files:
path: /var/log/filebeat
name: filebeat.log
rotateeverybytes: 10485760 # = 10MB
keepfiles: 7
level: debug
I have filebeat version 5.0.0 installed on my machine. For deugging and logging purposes, below configurations in the logging section of filebeat.yml file helped me :
logging.level: debug
logging.to_files: true
logging.to_syslog: false
logging.files:
path: /var/log/mybeat
name: mybeat.log
keepfiles: 7
source- https://www.elastic.co/guide/en/beats/filebeat/current/configuration-logging.html
You can change filebeat's log level to 'info' to see it attempt to connect to logstash.
Your readthedocs link is currently broken, but if you haven't configured logstash to use a filebeat input on port 5044 and created a proper certificate for it, this will definitely not send logs as filebeat will just get a refused connection.
If you don't want to do any parsing with logstash, you could just use the elasticsearch output from filebeat and skip logstash all together.
It is normal,
you said, "i didn't config any logstash"... you specified a port "5044" moreover a certificate and furthermore no logstash configuration, you need in conf logstash
input{
beat{
port:5044
}
}
If you have no informations to add it is better to send directly to ES...
