Describe the problem
I am running HELK with install option #4. The IP of the machine is 10.180.7.188, with all settings default.
I am able to send my system logs generated on localhost, picked up by Filebeat, to Elastic/Kibana.
What I would want is to have the logs come through Kafka (Filebeat -> Kafka -> Logstash (optional) -> Elastic/Kibana).
So I go to Kafka bash as given here:
https://thehelk.com/how-to/kafka/topic-ingestion.html
and run the commands on the bash.
I get the following error:
Connection to node -1 (helk-kafka-broker/172.20.0.10:9092) could not be established. Broker may not be available. (org.apache.kafka.clients.NetworkClient)
What do I need to do to get the Filebeat logs into Kafka and then into Kibana (Logstash optional)?
The idea is to have Filebeat eventually pick up logs from Zeek and push them into Kibana via Kafka.
cat /etc/os-release
Ubuntu (Jammy) 22.04.2
echo -e "\nDocker Space:" && df -h /var/lib/docker; echo -e "\nMemory:" && free -g; echo -e "\nCores:" && getconf _NPROCESSORS_ONLN
/dev/sda1 916G 669G 201G 77% /
Mem: 62 42 1 0 17 18
Cores:
16
Get output of the HELK docker containers:
docker ps --filter "name=helk"
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0fcdd775df83 confluentinc/ksqldb-cli:latest "/bin/sh" 3 weeks ago Up 3 weeks helk-ksql-cli
06610d2dc968 confluentinc/ksqldb-server:latest "/usr/bin/docker/run" 3 weeks ago Up 3 weeks 0.0.0.0:8088->8088/tcp, :::8088->8088/tcp helk-ksql-server
175cc81b6a35 otrf/helk-spark-worker:2.4.5 "./spark-worker-entr…" 3 weeks ago Up 3 weeks helk-spark-worker
d4e9037b8f2c otrf/helk-kafka-broker:2.4.0 "./kafka-entrypoint.…" 3 weeks ago Up 3 weeks 0.0.0.0:9092->9092/tcp, :::9092->9092/tcp helk-kafka-broker
0ed243275620 docker_helk-jupyter "/opt/jupyter/script…" 3 weeks ago Up 3 weeks 8000/tcp, 8888/tcp helk-jupyter
987442d5f4aa otrf/helk-spark-master:2.4.5 "./spark-master-entr…" 3 weeks ago Up 3 weeks 7077/tcp, 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp helk-spark-master
3d1965622f31 otrf/helk-zookeeper:2.4.0 "./zookeeper-entrypo…" 3 weeks ago Up 24 hours 2181/tcp, 2888/tcp, 3888/tcp helk-zookeeper
9a417c2b8c46 otrf/helk-elastalert:latest "./elastalert-entryp…" 3 weeks ago Up 3 weeks helk-elastalert
0609c98210b0 otrf/helk-logstash:7.6.2.1 "/usr/share/logstash…" 3 weeks ago Up 3 weeks 0.0.0.0:3515->3515/tcp, :::3515->3515/tcp, 0.0.0.0:5044->5044/tcp, :::5044->5044/tcp, 0.0.0.0:5514->5514/tcp, 0.0.0.0:5514->5514/udp, :::5514->5514/tcp, :::5514->5514/udp, 0.0.0.0:8515-8516->8515-8516/tcp, :::8515-8516->8515-8516/tcp, 0.0.0.0:8531->8531/tcp, :::8531->8531/tcp, 0.0.0.0:8515-8516->8515-8516/udp, :::8515-8516->8515-8516/udp, 9600/tcp helk-logstash
cc41c014c934 otrf/helk-nginx:0.3.0 "/opt/helk/scripts/n…" 3 weeks ago Up 3 weeks 0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp helk-nginx
9d753b0b3695 docker.elastic.co/kibana/kibana:7.6.2 "/usr/share/kibana/s…" 3 weeks ago Up 3 weeks 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp helk-kibana
e06b4115ef16 docker.elastic.co/elasticsearch/elasticsearch:7.6.2 "/usr/share/elastics…" 3 weeks ago Up 3 weeks 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 9300/tcp helk-elasticsearch
HELK version:
ad752b2 (HEAD -> master, origin/master, origin/HEAD) Update jvm.options (#563)
Thanks & Regards,