Connect Logstash to the Internet - Elasticsearch - Alibaba Cloud Documentation Center

Alibaba Cloud Logstash clusters are deployed in virtual private clouds (VPCs). If you want to use Logstash to collect data from the Internet or transfer collected data to the Internet, you must configure a Network Address Translation (NAT) gateway and use the gateway to connect your Logstash cluster to the Internet. This topic describes the procedure in detail.

Background information

Alibaba Cloud Logstash clusters are deployed in VPCs. If you want to use a Logstash cluster to migrate data, but the Logstash cluster resides in a VPC different from the source or destination, data cannot be transmitted between the source and destination. This is because a network connection cannot be established between the source and destination. In this case, you can use the Destination Network Address Translation (DNAT) and Source Network Address Translation (SNAT) features provided by the Alibaba Cloud NAT Gateway service to establish the network connection. The DNAT feature can enable services on the Internet to send data to Logstash. The SNAT feature can enable Logstash to access the Internet. For more information about the NAT Gateway service, see What is NAT Gateway?

Prerequisites

A VPC and a vSwitch are created.
For more information, see Create a VPC with an IPv4 CIDR block.
Create an Alibaba Cloud Logstash cluster.
For more information, see Create an Alibaba Cloud Logstash cluster.

Procedure

Go to the Logstash Clusters page of the Alibaba Cloud Elasticsearch console.
Navigate to the desired cluster.
1. In the top navigation bar, select the region where the cluster resides.
2. On the Logstash Clusters page, find the cluster and click its ID.
In the left-side navigation pane of the page that appears, click Network and Security.
In the Network Settings section, click Configure NAT Gateway.
For more information about the descriptions and configurations of NAT gateways, see Create and manage Internet NAT gateways. DNAT entries allow services on the Internet to send data to Logstash. SNAT entries allow Logstash to access the Internet.
On the Internet NAT Gateway page, click Create Internet NAT Gateway.
When you create a NAT gateway, select the region and VPC where the Logstash cluster resides. For more information, see Step 1: Create an Internet NAT gateway.
Associate an elastic IP address (EIP) with the NAT gateway.
1. On the Internet NAT Gateway page, find the NAT gateway and choose > Associate EIP in the Actions column.
2. In the Associate EIP dialog box, select Select Existing EIP.
  If no EIPs are available, select Purchase and Associate EIP and click OK. Then, an EIP is associated with the NAT gateway.
3. Select an EIP and click OK.
  Important
  You can associate a maximum of 20 EIPs with a NAT gateway. A maximum of 10 pay-as-you-go EIPs can be associated with a NAT gateway, and each of the pay-as-you-go EIPs supports a peak throughput of 200 Mbit/s. If you want to increase the number of EIPs that can be associated, you can submit a ticket.

Create a DNAT entry.

On the Internet NAT Gateway page, find the NAT gateway and click Configure DNAT in the Actions column.
On the page that appears, click the DNAT Management tab.
In the DNAT Entry List section, click Create DNAT Entry.

On the Create DNAT Entry page, configure the parameters.

Parameter	Description
Select EIP	Select an available public IP address. Note A public IP address specified in an SNAT entry cannot be specified in a DNAT entry.
Select Private IP Address	Select Manual Input and enter the IP address of a node in your Logstash cluster. You can obtain the IP addresses of the nodes in your Logstash cluster on the Basic Information page of the Logstash cluster. For more information, see View the basic information of a cluster.
Port Settings	Select a DNAT mapping method. Any Port: specifies IP address mapping. The selected public IP address is associated with the Logstash cluster. All requests that are destined for the public IP address are forwarded to the Logstash cluster. Custom Port: specifies port mapping. The NAT gateway forwards requests to the specified node based on the specified protocol and ports. If you select Custom Port, you must configure Public Port, Private Port, and Protocol. Public Port specifies the external port that is used for request forwarding. Private Port specifies the internal port that is used for request forwarding. Protocol specifies the protocol used by the ports.
Entry Name	Enter a name for the DNAT entry. The name must be 2 to 128 characters in length and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter.

Click OK.

Create an SNAT entry.

Go to the Internet NAT Gateway page. Find the NAT gateway and click Configure SNAT in the Actions column.
On the page that appears, click the SNAT Management tab.
In the SNAT Entry List section, click Create SNAT Entry.

On the Create SNAT Entry page, select Specify vSwitch for SNAT Entry and configure other parameters.

Parameter

Description

Select vSwitch

Select a vSwitch in the VPC where the Logstash cluster resides. All Elastic Compute Service (ECS) instances that belong to the specified vSwitch can access the Internet by using the SNAT feature.

Select EIP

Select the public IP address that is used to access the Internet. You can select multiple public IP addresses to build an SNAT IP address pool.

If you select multiple public IP addresses to build an SNAT IP address pool, make sure that these public IP addresses are associated with the same EIP bandwidth plan. For more information, see Associate EIPs with and disassociate EIPs from Internet Shared Bandwidth instances.

For more information about the parameters, see Create and manage SNAT entries.

Click OK.

Return to the Basic Information page of the Logstash cluster in the Elasticsearch console and configure a pipeline to transmit data over the Internet.
For more information, see Use configuration files to manage pipelines. The following code provides a configuration example:
```
input {
    beats {
        port => 8000
        host => "118.11.xx.xx"
    }
}
filter {

}
output {
    elasticsearch {
        hosts => ["http://es-cn-o40xxxxxxxxxx****.elasticsearch.aliyuncs.com:9200"]
        index => "logstash_test_1"
        password => "es_password"
        user => "elastic"
    }
    file_extend {
        path => "/ssd/1/ls-cn-v0h1kzca****/logstash/logs/debug/test"
    }
}
```
In the example, the source is Beats, the destination is an Elasticsearch cluster, the server on which Beats is deployed resides in the same VPC as the Logstash cluster, and the Elasticsearch cluster resides in a VPC different from the Logstash cluster. In this case, you must configure an SNAT entry for the Logstash cluster to enable the Logstash cluster to transmit data to the Elasticsearch cluster over the Internet.

References

How do I import or export data to Logstash over the Internet?
FAQ about data transfer by using Logstash
For information about how to use HTTPS, see Enable HTTPS.