Question

我尝试从filebeat-＆gt; logstash-＆gt;弹性搜索发送日志文件。 filebeat.yml。但是我在filebeat日志中收到以下错误：

2017-12-07T16:15:38+05:30 ERR  Failed to connect: dial tcp [::1]:5044: connectex: No connection could be made because the target machine actively refused it.

我的filebeat和logstash配置如下：

1.filebeat.yml

filebeat.prospectors:

- input_type: log
  paths:
    - C:\Users\shreya\Data\mylog.log 
  document_type: springlog
 multiline.pattern: ^\[[0-9]{4}-[0-9]{2}-[0-9]{2}
  multiline.negate: true
  multiline.match: before
output.logstash:
  hosts: ["localhost:5044"]

2.logstash.yml

    http.host: "127.0.0.1"
    http.port: 5044

3.logstash conf file：

input {
     beats {
        port => 5044
    codec => multiline {
    pattern => "^(%{TIMESTAMP_ISO8601})"
        negate => true
        what => "previous"
    }
  }
}
filter {
    grok{
    id => "myspringlogfilter"
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}; [LOG_LEVEL=%{LOGLEVEL:log-level}, CMPNT_NM= %{GREEDYDATA:component}, MESSAGE=%{GREEDYDATA:message}" }
    overwrite => ["message"]

    }

}
output {
    elasticsearch {
        hosts => "localhost:9200" 
        manage_template => false
            index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}" 
        document_type => "%{[@metadata][type]}"     
    }
    stdout {
         codec => rubydebug
  }
}

Answer 1

在我在logstash.yml中注释掉度量标准设置后，问题得到解决，如下所示：

# ------------ Metrics Settings --------------
#
# Bind address for the metrics REST endpoint
#
#http.host: "127.0.0.1"
#
# Bind port for the metrics REST endpoint, this option also accept a range
# (9600-9700) and logstash will pick up the first available ports.
#
#http.port: 5044
#

但仍然不知道为什么这解决了这个问题。因为（filebeat和logstash）都指向同一个端口。如果有人能解释原因，然后事先谢谢！

Filebeat到logstash连接被拒绝

1 个答案: