Hi Stephen,
I had a look at the Filebeat log. I don't see any reference to Azure in there:
INFO instance/beat.go:665 Home path: [C:\ELK\Filebeat] Config path: [C:\ELK\Filebeat] Data path: [C:\ELK\Filebeat\data] Logs path: [C:\ELK\Filebeat\logs]
INFO instance/beat.go:673 Beat ID: bba9a310-1d63-4a77-b387-991c85d50517
INFO [beat] instance/beat.go:1014 Beat info {"system_info": {"beat": {"path": {"config": "C:\\ELK\\Filebeat", "data": "C:\\ELK\\Filebeat\\data", "home": "C:\\ELK\\Filebeat", "logs": "C:\\ELK\\Filebeat\\logs"}, "type": "filebeat", "uuid": "bba9a310-1d63-4a77-b387-991c85d50517"}}}
INFO [beat] instance/beat.go:1023 Build info {"system_info": {"build": {"commit": "054e224d226b42a1dd7c72dcf48c3f18de452e22", "libbeat": "7.13.0", "time": "2021-05-19T22:28:57.000Z", "version": "7.13.0"}}}
INFO [beat] instance/beat.go:1026 Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":4,"version":"go1.15.12"}}}
INFO [beat] instance/beat.go:1030 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2021-05-31T06:46:08.26+10:00","name":"MELYNP0853","ip":["172.29.236.176/32","169.254.48.141/16","169.254.139.74/16","169.254.245.133/16","169.254.113.91/16","192.168.1.102/24","::1/128","127.0.0.1/8"],"kernel_version":"10.0.17763.1935 (WinBuild.160101.0800)","mac":["f4:30:b9:15:06:5f","14:ab:c5:b0:d4:2b","16:ab:c5:b0:d4:2a","00:ff:fb:d5:40:9c","14:ab:c5:b0:d4:2a"],"os":{"type":"windows","family":"windows","platform":"windows","name":"Windows 10 Enterprise","version":"10.0","major":10,"minor":0,"patch":0,"build":"17763.1935"},"timezone":"AEST","timezone_offset_sec":36000,"id":"b54908d4-d30d-4f7f-848c-a142edd395bd"}}}
INFO [beat] instance/beat.go:1059 Process info {"system_info": {"process": {"cwd": "C:\\ELK\\Filebeat", "exe": "C:\\ELK\\Filebeat\\filebeat.exe", "name": "filebeat.exe", "pid": 10484, "ppid": 26008, "start_time": "2021-06-03T13:53:06.710+1000"}}}
INFO instance/beat.go:309 Setup Beat: filebeat; Version: 7.13.0
INFO [index-management] idxmgmt/std.go:184 Set output.elasticsearch.index to 'filebeat-7.13.0' as ILM is enabled.
INFO eslegclient/connection.go:99 elasticsearch url: http://localhost:9200
INFO [publisher] pipeline/module.go:113 Beat name: MyFileBeat
INFO kibana/client.go:119 Kibana url: http://localhost:5601
INFO [add_cloud_metadata] add_cloud_metadata/add_cloud_metadata.go:101 add_cloud_metadata: hosting provider type not detected.
INFO kibana/client.go:119 Kibana url: http://localhost:5601
ERROR instance/beat.go:989 Exiting: 1 error: error loading index pattern: returned 408 to import file: <nil>. Response: {"statusCode":408,"error":"Request Time-out","message":"Request Time-out"}
As per the doc, I have initialized the azure module and provided the necessary connection string.
Is there anything else that needs to be set up to pull logs?
Also, most of the examples on the internet are for activity logs. Can it be any other logs from monitor, or just activity logs?
Thanks