1
votes

I have been trying to install the ELK stack for the last couple of days, but unfortunately I could not get it to work.

The steps that I've done:

  1. installing Elasticsearch with X-pack.
  2. installing Kibana 5 with X-pack.

kibana.yml:

server.port: 5601
elasticsearch.url: "http://localhost:9200"

  3. installing Logstash, created logstash.conf under conf.d.

logstash.yml:

xpack.monitoring.enabled: false
path.logs: /var/log/logstash

conf.d/logstash.conf:

input {
    http {
        host => "127.0.0.1"
        port => 4000
    }
}

output {
    elasticsearch {
        host => "localhost:9200"
        protocol => "http"
        user => "*****"
        password => "*******"
    }
}

I can connect to Kibana fine and Elasticsearch seems to work, but Logstash is not giving me any feedback for received posts. When I try to post some data to Logstash via Postman, I get connection refused.

I've double checked the security group and they are fine.

In Kibana I need to configure an index pattern. I am trying to choose logstash-* but it keeps saying "unable to fetch mapping", so I think that Elasticsearch is empty.

Last year I installed Elasticsearch 1.7 with Kibana 4 and Logstash with the http plugin, with the same configurations, and when I posted to it, it returned 'ok'.

What am I missing here?

1
Is there anything showing up in the logstash logs? - Will Barnwell

You can see what indices exist in your Elasticsearch by going to :9200/_cat/indices - Will Barnwell

There are no logstash indices:
yellow open index   8OTxvTswTxC_1tmAbjkqXg 5 1 1 0 3.9kb 3.9kb
yellow open .kibana N0l2aTOQQDC8qWAvYE2MPw 1 1 1 0 3.2kb 3.2kb
- Yanay Hollander

So logs are not making it to Elasticsearch, evidenced by the lack of a logstash index. - Will Barnwell

What error is showing up in your logstash logs? - Will Barnwell

1 Answers

0
votes

Try using host => "0.0.0.0" instead of 127.0.0.1.

0.0.0.0 is the default value and should accept local posts.
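
An added example, not part of the original answer or of Logstash: a small Python probe that opens a listener on each bind address from this thread and reports which local addresses can reach it, which is the difference between `host => "127.0.0.1"` and `host => "0.0.0.0"`. It assumes Linux, where every 127.0.0.0/8 address is local; 127.0.0.2 is a constructed stand-in for another address of the host (such as the instance's private IP), and the function names are hypothetical.

```python
import socket


def listen(bind_host):
    """Open a TCP listener on bind_host at an OS-chosen free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_host, 0))
    srv.listen(8)
    return srv


def can_connect(addr, port, timeout=1.0):
    """True if a TCP handshake to addr:port completes, False if refused or timed out."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def reachable_addresses(bind_host, candidates):
    """Bind a listener to bind_host and test every candidate destination address."""
    srv = listen(bind_host)
    try:
        port = srv.getsockname()[1]
        return {addr: can_connect(addr, port) for addr in candidates}
    finally:
        srv.close()


# Constructed sample: 127.0.0.1 is the address from the question's http input,
# 127.0.0.2 stands in for any other address of this host (assumption: Linux).
CANDIDATES = ["127.0.0.1", "127.0.0.2"]

if __name__ == "__main__":
    for bind_host in ("127.0.0.1", "0.0.0.0"):
        print(bind_host, reachable_addresses(bind_host, CANDIDATES))
```

A listener bound to `0.0.0.0` answers on every interface, so the security group or host firewall is the only thing limiting who can post to it. If the port is refused on every address, including 127.0.0.1, nothing is listening at all and the Logstash log is the place to look.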