In my filebeat.yml file I have this:
filebeat.inputs:
- type: udp
  host: "localhost:15656"
  enabled: true
output.elasticsearch:
  hosts: ["localhost:9200"]
  username: "elastic"
  password: "changeme"
Following the guide here: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html#start
I sent the command: filebeat setup -e followed by sudo service filebeat start. Checking the status shows that it is listening for UDP connections:
Mar 22 11:07:20 ip-172-41-12-144 filebeat[425]: 2021-03-22T11:07:20.706Z INFO udp/input.go:99 Starting UDP input
Mar 22 11:07:20 ip-172-41-12-144 filebeat[425]: 2021-03-22T11:07:20.706Z INFO [UDP] dgram/server.go:96 **Started listening for UDP connection**
Mar 22 11:07:20 ip-172-41-12-144 filebeat[425]: 2021-03-22T11:07:20.707Z INFO cfgfile/reload.go:164 Config reloader started
Mar 22 11:07:20 ip-172-41-12-144 filebeat[425]: 2021-03-22T11:07:20.707Z INFO cfgfile/reload.go:224 Loading of config files completed.
But I have no way of knowing if I received any UDP packets. It would be great if something was output on the screen whenever a packet was received. I don't see anything in Elasticsearch or Kibana, and I know for certain I am sending the packets correctly, as Logstash could receive them. I stopped using Logstash because it was too slow on my server, so I tried using Filebeat instead, but I can't make it receive UDP packets...
What you can do is replace the elasticsearch output with the console one, so that each event you receive will be shown in your terminal:
#output.elasticsearch:
#  hosts: ["localhost:9200"]
#  username: "elastic"
#  password: "changeme"
output.console:
  pretty: true
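
To produce a test event for the console output above, this added example (not part of the original question or answer) sends one datagram to the UDP input from the question's filebeat.yml and reports whether anything is bound to the port. The function name `probe_udp` and the sample payload are assumptions made for illustration, and the "closed" detection relies on Linux delivering ICMP port-unreachable errors to a connected UDP socket.

```python
import socket


def probe_udp(host, port, payload, timeout=0.5):
    """Send one datagram and classify the port from what comes back.

    Returns "closed" when the kernel reports ICMP port unreachable
    (nothing is bound to the port), "no-error" when the datagram left
    without any complaint, or "replied" if the peer sent data back.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        # connect() on a UDP socket sends nothing; it only fixes the peer
        # so the kernel can hand ICMP errors for that peer to this socket.
        sock.connect((host, port))
        sock.send(payload)
        try:
            sock.recv(1)
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "no-error"
        return "replied"


if __name__ == "__main__":
    # Constructed sample payload; host and port come from the question's filebeat.yml.
    state = probe_udp("localhost", 15656, b"filebeat udp test event\n")
    print("UDP localhost:15656 ->", state)
```

A "no-error" result only means nothing rejected the datagram; the event appearing in Filebeat's console output is the actual confirmation that it was received.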