Graylog output to logstash

Im trying to send logs from my graylog instance into logstash and graylog is giving me the error:-

"2020-08-10T10:38:31.273Z ERROR [GelfTcpTransport] Connection failed: connection timed out: /logstashIP:5606
"
There is data going into my Graylog instance as i can see messages going in. I cant find any information online as to how to solve this issue.

Graylog output -
" * connect_timeout:1000

• hostname:logstashIP
• max_inflight_sends:512
• port:5606
• protocol:TCP
• queue_size:512
• reconnect_delay:500
• tcp_keep_alive:false
• tcp_no_delay:false
• tls_trust_cert_chain:*
• tls_verification_enabled:false"

Logstash config file -
“input {
gelf {
host => “localhost”
use_tcp => true
port_tcp => 5606
}
}
"

Can anyone suggest what is is i need to do to sort this as i am a complete loss?

First don’t use localhost as host in logstash config file, because, it will only listen to 127.0.0.1, so no remote connection from graylog (if logstash is on different host as graylog). Change it to 0.0.0.0 or better don’t use parameter host at all and try again.

https://www.elastic.co/guide/en/logstash/current/plugins-inputs-gelf.html#plugins-inputs-gelf-host

So ive got rid of host and am still having the same issue. Can you suggest anything else?

1. First try to check, if port 5606 is opened from graylog box to logstash, run on graylog box:
   telnet LOGSTASH_IP 5606
   or nc LOGSTASH_IP 5606

2. Second, try to use this curl command from graylog box, to send example message to logstash:

echo -n '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -w 1 LOGSTASH_IP 5606

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.