Dear All,
I install winlogbeat in a remote window machine but cannot receive log from elk server. I check logstash log find following message. But I can receive other window machine log. May I know why?
Thanks
[2018-06-22T11:32:06,077][WARN ][logstash.outputs.elasticsearch] Could not index event to Elasticsearch. {:status=>400, :action=>["index", {:_id=>nil, :_index=>"winlogbeat-2018.06.22", :_type=>"doc", :_routing=>nil}, #LogStash::Event:0x482ccb74], :response=>{"index"=>{"_index"=>"winlogbeat-2018.06.22", "_type"=>"doc", "_id"=>"GkSMJWQBe6ImA6Ysj88n", "status"=>400, "error"=>{"type"=>"mapper_parsing_exception", "reason"=>"failed to parse [host]", "caused_by"=>{"type"=>"illegal_state_exception", "reason"=>"Can't get text on a START_OBJECT at 1:69"}}}}}
Best Regards,
Peter