4
votes

I am a newbie to ELK. I first installed Elasticsearch and Filebeat without Logstash, and I would like to send data from Filebeat to Elasticsearch. After I installed Filebeat and configured the log files and the Elasticsearch host, I started Filebeat, but nothing happened even though there are lots of rows in the log files that Filebeat prospects.

So is it possible to forward log data directly to Elasticsearch host without Logstash at all? I

1
Yes, it is definitely possible. Can you update your question with your filebeat configuration, please? Also, can you specify which ES version you are using? – Val
filebeat: prospectors: - paths: - "/opt/logs/*.log" input_type: log output: elasticsearch: hosts: ["front.development.xxx:9200"] – Rui
It's more legible if you update your question with the properly formatted configuration. – Val
My configuration is pretty basic as shown above. But after I started the Filebeat and Elasticsearch, nothing happened at all :< – Rui
What ES version are you using? – Val

1 Answer

1
votes

It looks like your ES 2.3.1 is only configured to be reachable from localhost (default since ES 2.0).

You need to modify your elasticsearch.yml file with this and restart ES:

network.host: 168.17.0.100

Then your filebeat output configuration needs to look like this:

output:
   elasticsearch:
     hosts: ["168.17.0.100:9200"]

Then you can check in your ES filebeat-* indices that you're getting the new log data (i.e. the hits.total count should increase over time):

curl -XGET '168.17.0.100:9200/filebeat-*/_search'
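
The two checks described in this answer, as an added example that is not part of the original answer: it flags a loopback-only `network.host` against a remote Filebeat target, and compares `hits.total` from two `filebeat-*/_search` responses. The function names are hypothetical, the sample config and responses are constructed, and `hits_total` goes slightly beyond the answer by also accepting the object form of `hits.total` that newer ES versions return.

```python
import ipaddress
import json

def read_network_host(es_yml_text):
    """Return the network.host value from elasticsearch.yml text, or None if unset."""
    for line in es_yml_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if line.startswith("network.host:"):
            return line.split(":", 1)[1].strip().strip("\"'")
    return None

def is_loopback(host):
    """True for localhost, _local_ or a loopback IP; other names/IPs are not."""
    if host in ("localhost", "_local_"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def filebeat_can_reach(es_yml_text, filebeat_host):
    """filebeat_host is one 'host:port' entry from output.elasticsearch.hosts."""
    bind = read_network_host(es_yml_text)
    if bind is not None and not is_loopback(bind):
        return True                                # ES listens off-loopback
    # Unset or loopback bind (the default since ES 2.0): only local senders work.
    return is_loopback(filebeat_host.rsplit(":", 1)[0])

def hits_total(search_response_text):
    """hits.total is an int on ES 2.x and {"value": n, ...} on newer versions."""
    total = json.loads(search_response_text)["hits"]["total"]
    return total["value"] if isinstance(total, dict) else total

def ingesting(before_text, after_text):
    """Compare two filebeat-*/_search responses taken some time apart."""
    return hits_total(after_text) > hits_total(before_text)

if __name__ == "__main__":
    # Constructed samples, not taken from a real cluster.
    default_yml = "cluster.name: dev\n# network.host: 192.168.0.1\n"
    fixed_yml = "cluster.name: dev\nnetwork.host: 168.17.0.100\n"
    print(filebeat_can_reach(default_yml, "front.development.xxx:9200"))
    print(filebeat_can_reach(fixed_yml, "168.17.0.100:9200"))
    print(ingesting('{"hits": {"total": 120}}', '{"hits": {"total": 164}}'))
```

A `True` from `filebeat_can_reach` only rules out the loopback-only bind; it does not confirm that the bound address is the one Filebeat targets.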