Reputation: 21
File Beat not able to connect with logstash from another instance (ELK stack)
I have ELK stack on one EC2 instance which is running perfectly. In my client server, I have installed filebeat which is supposed to send the log data to logstash from the client server. But I don't see any data in the Elasticsearch (or Kibana) When i checked logs in filebeat i see the below error message: "ERR Connecting error publishing events (retrying): x509: cannot validate certificate for because it doesn't contain any IP SANs"
Below is my filebeat.yml file:
filebeat.prospectors:
input_type: log
/var/log/*.log
#Logstash output
output.logstash:
# The Logstash hosts
hosts: [":5044"]
bulk_max_size: 1024
# Optional SSL. By default is off.
# List of root certificates for HTTPS server verifications
ssl.certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
I have followed the steps from the below article: https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-elk-stack-on-ubuntu-14-04
I have generated the self-signed certificate in ELK stack server and have copied the same to my client server.
Can anyone please help me in showing what I am doing wrong?
Upvotes: 1
Views: 725
Answers (1)
Reputation: 16362
From the error message, your certificate doesn't include the IP addresses of the machines involved.
A quick google search for the message found this discussion in Elastic's support portal.
Upvotes: 1
Related Questions
- Filebeat is unable to connect to elasticsearch
- why is filebeat unable to connect to logstash
- Logstash not opening input port for filebeat
- Can't connect Filebeat to Logstash
- Unable to start filebeat.error missing fileld
- Unable to connect Filebeat to logstash for logging using ELK
- Filebeat to logstash connection refused
- How to configure logstash and filebeat SSL communication
- Retrieve log file from distant server with FileBeat
- Connection refused from filebeat to logstash