Auditbeat vs testing ES output

stefws · March 6, 2020, 7:09am

Output config:

output.elasticsearch:
  # KEYs all expected to be found in ${path.data}/auditbeat.keystore
  hosts: ["${INGEST_URL}"]
  pipeline: auditbeat

  protocol: "${INGEST_PROTOCOL}"
  username: "${INGEST_USER}"
  password: "${INGEST_PWD}"

Just weird that 'test output' works fine through HAproxy from various wintel beats.
Tried from another Lintel client behind HAproxy with metricbeat running:

# /usr/share/metricbeat/bin/metricbeat test output -c /etc/metricbeat/metricbeat.yml
elasticsearch: https://<redacted>:9200...
  parse url... OK
  connection...
    parse host... OK
    dns lookup... OK
    addresses: <redacted>
    dial up... OK
  TLS...
    security... WARN server's certificate chain verification is disabled
    handshake... OK
    TLS version: TLSv1.2
    dial up... OK
  talk to server... OK
  version: 7.6.0

system · March 27, 2020, 7:09am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditbeat data not being indexed Beats auditbeat	3	474	February 14, 2023
Auditbeat sends unencrypted data Beats auditbeat	1	288	August 28, 2020
Unable to test output with Filebeat to Elasticsearch Beats filebeat	2	1170	October 4, 2021
Filebeat Error Beats filebeat	4	307	November 30, 2023
Service Unavailable for [audit]beat Elasticsearch	2	361	March 31, 2020

Auditbeat vs testing ES output

Related topics