Cannot Access localhost:9200 when xpack.security.http.ssl.enabled is true

Elastic Stack Elasticsearch
1

Hi Team,

I'm a newbie for ElasticStack and I'm trying to run Kibana and MetricBeat with my Elasticsearch on my Windows Local Machine, I have both Elasticsearch and Kibana Running and I'm installing MetricBeat which requires communication to both. However it can only connect to Elasticsearch when xpack.security.http.ssl.enabled is false. If I turn it to true Kibana is running but I cannot access localhost:9200 and MetricBeat installation cannot communicate to Elasticsearch. I already tried following: Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [7.17] | Elastic and Set up basic security for the Elastic Stack | Elasticsearch Guide [7.17] | Elastic in an attempt to be able to access localhost:9200 while xpack.security.http.ssl.enabled is true however I cannot make it work. I also tried following https://discuss.elastic.co/t/how-to-config-kibana-if-xpack-security-http-ssl-enabled-is-false/307350 on which i reset the user kibana and updated the kibana.yml with

elasticsearch.username: "kibana"
elasticsearch.password: "iB1YXj-y-NlUp01i_-RO"

but im getting this error so it's a no go

\u001b[37m\u001b[41m FATAL \u001b[49m\u001b[39m Error: [config validation of [elasticsearch].serviceAccountToken]: serviceAccountToken cannot be specified when "username" is also set.

My elasticsearch.yml is

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
cluster.name: my-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 23-10-2024 09:17:25
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
#xpack.security.http.ssl:
#    enabled: true
#    keystore.path: certs/http.p12

xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.keystore.path: http.p12
  
# Enable encryption and mutual authentication between cluster nodes
#xpack.security.transport.ssl:
#  enabled: true
#  verification_mode: certificate
#  keystore.path: certs/transport.p12
#  truststore.path: certs/transport.p12
  
  
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["JEROME"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

Here is my kibana.yml

# For more configuration options see the configuration guide for Kibana in
# https://www.elastic.co/guide/index.html

# =================== System: Kibana Server ===================
# Kibana is served by a back end server. This setting specifies the port to use.
#server.port: 5601

# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
# The default is 'localhost', which usually means remote machines will not be able to connect.
# To allow connections from remote users, set this parameter to a non-loopback address.
server.host: "0.0.0.0"

# Enables you to specify a path to mount Kibana at if you are running behind a proxy.
# Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath
# from requests it receives, and to prevent a deprecation warning at startup.
# This setting cannot end in a slash.
#server.basePath: ""

# Specifies whether Kibana should rewrite requests that are prefixed with
# `server.basePath` or require that they are rewritten by your reverse proxy.
# Defaults to `false`.
#server.rewriteBasePath: false

# Specifies the public URL at which Kibana is available for end users. If
# `server.basePath` is configured this URL should end with the same basePath.
#server.publicBaseUrl: ""

# The maximum payload size in bytes for incoming server requests.
#server.maxPayload: 1048576

# The Kibana server's name. This is used for display purposes.
#server.name: "your-hostname"

# =================== System: Kibana Server (Optional) ===================
# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: false
#server.ssl.certificate: /path/to/your/server.crt
#server.ssl.key: /path/to/your/server.key

# =================== System: Elasticsearch ===================
# The URLs of the Elasticsearch instances to use for all your queries.
#elasticsearch.hosts: ["http://localhost:9200"]

# If your Elasticsearch is protected with basic authentication, these settings provide
# the username and password that the Kibana server uses to perform maintenance on the Kibana
# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
# is proxied through the Kibana server.
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "pass"

# Kibana can also authenticate to Elasticsearch via "service account tokens".
# Service account tokens are Bearer style tokens that replace the traditional username/password based configuration.
# Use this token instead of a username/password.
# elasticsearch.serviceAccountToken: "my_token"

# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
# the elasticsearch.requestTimeout setting.
#elasticsearch.pingTimeout: 1500

# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
# must be a positive integer.
#elasticsearch.requestTimeout: 30000

# The maximum number of sockets that can be used for communications with elasticsearch.
# Defaults to `Infinity`.
#elasticsearch.maxSockets: 1024

# Specifies whether Kibana should use compression for communications with elasticsearch
# Defaults to `false`.
#elasticsearch.compression: false

# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
# headers, set this value to [] (an empty list).
#elasticsearch.requestHeadersWhitelist: [ authorization ]

# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
#elasticsearch.customHeaders: {}

# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
#elasticsearch.shardTimeout: 30000

# =================== System: Elasticsearch (Optional) ===================
# These files are used to verify the identity of Kibana to Elasticsearch and are required when
# xpack.security.http.ssl.client_authentication in Elasticsearch is set to required.
#elasticsearch.ssl.certificate: /path/to/your/client.crt
#elasticsearch.ssl.key: /path/to/your/client.key

# Enables you to specify a path to the PEM file for the certificate
# authority for your Elasticsearch instance.
#elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]

# To disregard the validity of SSL certificates, change this setting's value to 'none'.
#elasticsearch.ssl.verificationMode: full

# =================== System: Logging ===================
# Set the value of this setting to off to suppress all logging output, or to debug to log everything. Defaults to 'info'
#logging.root.level: debug

# Enables you to specify a file where Kibana stores log output.
#logging.appenders.default:
#  type: file
#  fileName: /var/logs/kibana.log
#  layout:
#    type: json

# Example with size based log rotation
#logging.appenders.default:
#  type: rolling-file
#  fileName: /var/logs/kibana.log
#  policy:
#    type: size-limit
#    size: 256mb
#  strategy:
#    type: numeric
#    max: 10
#  layout:
#    type: json

# Logs queries sent to Elasticsearch.
#logging.loggers:
#  - name: elasticsearch.query
#    level: debug

# Logs http responses.
#logging.loggers:
#  - name: http.server.response
#    level: debug

# Logs system usage information.
#logging.loggers:
#  - name: metrics.ops
#    level: debug

# Enables debug logging on the browser (dev console)
#logging.browser.root:
#  level: debug

# =================== System: Other ===================
# The path where Kibana stores persistent data not saved in Elasticsearch. Defaults to data
#path.data: data

# Specifies the path where Kibana creates the process ID file.
#pid.file: /run/kibana/kibana.pid

# Set the interval in milliseconds to sample system and process performance
# metrics. Minimum is 100ms. Defaults to 5000ms.
#ops.interval: 5000

# Specifies locale to be used for all localizable strings, dates and number formats.
# Supported languages are the following: English (default) "en", Chinese "zh-CN", Japanese "ja-JP", French "fr-FR".
#i18n.locale: "en"

# =================== Frequently used (Optional)===================

# =================== Saved Objects: Migrations ===================
# Saved object migrations run at startup. If you run into migration-related issues, you might need to adjust these settings.

# The number of documents migrated at a time.
# If Kibana can't start up or upgrade due to an Elasticsearch `circuit_breaking_exception`,
# use a smaller batchSize value to reduce the memory pressure. Defaults to 1000 objects per batch.
#migrations.batchSize: 1000

# The maximum payload size for indexing batches of upgraded saved objects.
# To avoid migrations failing due to a 413 Request Entity Too Large response from Elasticsearch.
# This value should be lower than or equal to your Elasticsearch cluster’s `http.max_content_length`
# configuration option. Default: 100mb
#migrations.maxBatchSizeBytes: 100mb

# The number of times to retry temporary migration failures. Increase the setting
# if migrations fail frequently with a message such as `Unable to complete the [...] step after
# 15 attempts, terminating`. Defaults to 15
#migrations.retryAttempts: 15

# =================== Search Autocomplete ===================
# Time in milliseconds to wait for autocomplete suggestions from Elasticsearch.
# This value must be a whole number greater than zero. Defaults to 1000ms
#unifiedSearch.autocomplete.valueSuggestions.timeout: 1000

# Maximum number of documents loaded by each shard to generate autocomplete suggestions.
# This value must be a whole number greater than zero. Defaults to 100_000
#unifiedSearch.autocomplete.valueSuggestions.terminateAfter: 100000


# This section was automatically generated during setup.
#elasticsearch.hosts: ['https://192.168.100.69:9200']
elasticsearch.hosts: [ "https://localhost:9200" ]
elasticsearch.serviceAccountToken: AAEAAWVsYXN0aWMva2liYW5hL2Vucm9sbC1wcm9jZXNzLXRva2VuLTE3Mjk2NzYzNTg2MzY6c3hHOVUtb3pTU0s2RWpmXzBBMFMyZw
#elasticsearch.ssl.certificateAuthorities: ['C:\Users\jerom\OneDrive\Desktop\ES\kibana-8.15.3\data\ca_1729676359100.crt'
elasticsearch.ssl.certificateAuthorities: [ "config/elasticsearch-ca.pem" ]
xpack.fleet.outputs: [{id: fleet-default-output, name: default, is_default: true, is_default_monitoring: true, type: elasticsearch, hosts: ['https://192.168.100.69:9200'], ca_trusted_fingerprint: 1b53b4dc84f108c0891d6d0dc1d964709c8eeb7c3cb51ca6bc73b9516a18141a}]
#elasticsearch.username: "kibana"
#elasticsearch.password: "iB1YXj-y-NlUp01i_-RO"
2

Please show us the errors you encountered when you did these steps.

4

Hi Tim,

Good day, for reference I'm following this guide https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-installation-configuration.html

This is the run for xpack.security.enrollment.enabled: true:
Kibana and Elasticsearch is running fine on the background but localhost:9200 is unreacheable
so I get this error:

MetricBeat

{"log.level":"error","@timestamp":"2024-10-24T15:51:37.260+0800","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.handleError","file.name":"instance/beat.go","file.line":1360},"message":"Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://localhost:9200: Get \"http://localhost:9200\": EOF]","service.name":"metricbeat","ecs.version":"1.6.0"}
Exiting: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at http://localhost:9200: Get "http://localhost:9200": EOF]

Elasticsearch

Localhost9200
Localhost9200638×552 7.32 KB

Kibana

Kibana
Kibana1480×728 67.3 KB

This is the run for xpack.security.enrollment.enabled: false:
localhost:9200 is reacheable and Metricbeat is able to connect during setup but failed since Kibana is not running.

MetricBeat

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
{"log.level":"info","@timestamp":"2024-10-24T15:25:36.054+0800","log.logger":"kibana","log.origin":{"function":"github.com/elastic/elastic-agent-libs/kibana.NewClientWithConfigDefault","file.name":"kibana/client.go","file.line":181},"message":"Kibana url: http://localhost:5601","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2024-10-24T15:25:36.060+0800","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.handleError","file.name":"instance/beat.go","file.line":1360},"message":"Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to http://localhost:5601/api/status fails: status=503. Response: {\"status\":{\"overall\":{\"level\":\"unavailable\"}}}","service.name":"metricbeat","ecs.version":"1.6.0"}
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to http://localhost:5601/api/status fails: status=503. Response: {"status":{"overall":{"level":"unavailable"}}}

Elasticsearch

elastic2
elastic2851×460 13.1 KB

Kibana

[2024-10-24T15:12:21.678+08:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. write EPROTO 945A0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:c:\ws\deps\openssl\openssl\ssl\record\ssl3_record.c:355:

[2024-10-24T15:32:08.421+08:00][ERROR][plugins.ruleRegistry] Error: Timeout: it took more than 1200000ms
    at Timeout._onTimeout (C:\Users\jerom\OneDrive\Desktop\ES\kibana-8.15.3\node_modules\@kbn\alerting-plugin\server\alerts_service\lib\install_with_timeout.js:43:18)
    at listOnTimeout (node:internal/timers:573:17)
    at processTimers (node:internal/timers:514:7)
[2024-10-24T15:32:08.422+08:00][ERROR][plugins.ruleRegistry] Error: Failure during installation of common resources shared between all indices. Timeout: it took more than 1200000ms
    at installWithTimeout (C:\Users\jerom\OneDrive\Desktop\ES\kibana-8.15.3\node_modules\@kbn\alerting-plugin\server\alerts_service\lib\install_with_timeout.js:59:13)
    at ResourceInstaller.installCommonResources (C:\Users\jerom\OneDrive\Desktop\ES\kibana-8.15.3\node_modules\@kbn\rule-registry-plugin\server\rule_data_plugin_service\resource_installer.js:42:5)

kibana2
kibana21382×450 8.11 KB

5

If you have xpack.security.http.ssl.enabled set to true then this needs to be https://localhost:9200/

7

Gotcha Tim,

Finally finished the setup just one final question though, How to run the service properly as I'm following this guide inside Kibana but no data has been received from this module yet based on the module status:

image
image1200×1174 81.7 KB

Metricbeat setup completed and "Start-Service metricbeat" ran:

PS C:\Users\jerom\OneDrive\Desktop\ES\MetricBeat>  .\metricbeat.exe setup -e
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.238+0800","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.name":"instance/beat.go","file.line":828},"message":"Home path: [C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat] Config path: [C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat] Data path: [C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat\\data] Logs path: [C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat\\logs]","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.238+0800","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).configure","file.name":"instance/beat.go","file.line":836},"message":"Beat ID: 8850be9f-e748-432c-983a-bf2acebae244","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.278+0800","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","file.name":"instance/beat.go","file.line":1385},"message":"Beat info","service.name":"metricbeat","system_info":{"beat":{"path":{"config":"C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat","data":"C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat\\data","home":"C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat","logs":"C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat\\logs"},"type":"metricbeat","uuid":"8850be9f-e748-432c-983a-bf2acebae244"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.278+0800","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","file.name":"instance/beat.go","file.line":1394},"message":"Build info","service.name":"metricbeat","system_info":{"build":{"commit":"bbed3ae55602e83f57c62de85b57a3593aa49efa","libbeat":"8.15.3","time":"2024-10-08T17:03:26.000Z","version":"8.15.3"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.279+0800","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","file.name":"instance/beat.go","file.line":1397},"message":"Go runtime info","service.name":"metricbeat","system_info":{"go":{"os":"windows","arch":"amd64","max_procs":12,"version":"go1.22.8"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.290+0800","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","file.name":"instance/beat.go","file.line":1403},"message":"Host info","service.name":"metricbeat","system_info":{"host":{"architecture":"x86_64","native_architecture":"x86_64","boot_time":"2024-10-29T16:11:34+08:00","name":"jerome","ip":["fe80::62de:52a:d69a:3d8e","169.254.225.168","fe80::d360:8570:62a4:2e34","169.254.108.166","fe80::d6da:2550:ccdf:6294","169.254.28.193","fe80::d6da:2550:ccdf:6294","192.168.100.69","::1","127.0.0.1"],"kernel_version":"10.0.26100.2033 (WinBuild.160101.0800)","mac":["d8:5e:d3:89:6b:08","32:de:4b:03:9b:85","30:de:4b:03:9b:85","30:de:4b:03:9b:85"],"os":{"type":"windows","family":"windows","platform":"windows","name":"Windows 11 Home","version":"10.0","major":10,"minor":0,"patch":0,"build":"26100.2033"},"timezone":"+08","timezone_offset_sec":28800,"id":"52bcc470-3853-4c64-a0ee-6ed633c63ae3"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.290+0800","log.logger":"beat","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.logSystemInfo","file.name":"instance/beat.go","file.line":1432},"message":"Process info","service.name":"metricbeat","system_info":{"process":{"cwd":"C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat","exe":"C:\\Users\\jerom\\OneDrive\\Desktop\\ES\\MetricBeat\\metricbeat.exe","name":"metricbeat.exe","pid":22560,"ppid":11604,"start_time":"2024-10-29T21:41:39.147+0800"},"ecs.version":"1.6.0"}}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.290+0800","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).createBeater","file.name":"instance/beat.go","file.line":341},"message":"Setup Beat: metricbeat; Version: 8.15.3","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.313+0800","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES","file.name":"elasticsearch/elasticsearch.go","file.line":63},"message":"Applying performance preset 'balanced': {\n  \"bulk_max_size\": 1600,\n  \"compression_level\": 1,\n  \"idle_connection_timeout\": \"3s\",\n  \"queue\": {\n    \"mem\": {\n      \"events\": 3200,\n      \"flush\": {\n        \"min_events\": 1600,\n        \"timeout\": \"10s\"\n      }\n    }\n  },\n  \"worker\": 1\n}","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"warn","@timestamp":"2024-10-29T21:41:47.313+0800","log.logger":"elasticsearch","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/outputs/elasticsearch.makeES","file.name":"elasticsearch/elasticsearch.go","file.line":66},"message":"Performance preset 'balanced' overrides user setting for field 'bulk_max_size'","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.314+0800","log.logger":"esclientleg","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection","file.name":"eslegclient/connection.go","file.line":133},"message":"elasticsearch url: https://localhost:9200","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.314+0800","log.logger":"publisher","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/publisher/pipeline.LoadWithSettings","file.name":"pipeline/module.go","file.line":105},"message":"Beat name: Jerome","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.335+0800","log.logger":"esclientleg","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.NewConnection","file.name":"eslegclient/connection.go","file.line":133},"message":"elasticsearch url: https://localhost:9200","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.353+0800","log.logger":"tls","log.origin":{"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.trustRootCA","file.name":"tlscommon/tls_config.go","file.line":179},"message":"'ca_trusted_fingerprint' set, looking for matching fingerprints","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.353+0800","log.logger":"tls","log.origin":{"function":"github.com/elastic/elastic-agent-libs/transport/tlscommon.trustRootCA","file.name":"tlscommon/tls_config.go","file.line":199},"message":"CA certificate matching 'ca_trusted_fingerprint' found, adding it to 'certificate_authorities'","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.356+0800","log.logger":"esclientleg","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/esleg/eslegclient.(*Connection).Ping","file.name":"eslegclient/connection.go","file.line":322},"message":"Attempting to connect to Elasticsearch version 8.15.3 (default)","service.name":"metricbeat","ecs.version":"1.6.0"}
Overwriting lifecycle policy is disabled. Set `setup.ilm.overwrite: true` to overwrite.
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.356+0800","log.logger":"index-management","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/idxmgmt.(*indexManager).Setup","file.name":"idxmgmt/index_support.go","file.line":254},"message":"Auto lifecycle enable success.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.359+0800","log.logger":"index-management.ilm","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/idxmgmt/lifecycle.(*stdManager).EnsurePolicy","file.name":"lifecycle/standard_manager.go","file.line":111},"message":"lifecycle policy metricbeat exists already.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.359+0800","log.logger":"index-management","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/idxmgmt.applyLifecycleSettingsToTemplate","file.name":"idxmgmt/index_support.go","file.line":402},"message":"Set settings.index.lifecycle.name in template to metricbeat as ILM is enabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.369+0800","log.logger":"template","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/template.(*templateBuilder).buildBody","file.name":"template/load.go","file.line":263},"message":"Existing template will be overwritten, as overwrite is enabled.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.625+0800","log.logger":"template_loader","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/template.(*ESLoader).loadTemplate","file.name":"template/load.go","file.line":177},"message":"Try loading template metricbeat-8.15.3 to Elasticsearch","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.713+0800","log.logger":"template_loader","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/template.(*ESLoader).Load","file.name":"template/load.go","file.line":134},"message":"Template with name \"metricbeat-8.15.3\" loaded.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.714+0800","log.logger":"template_loader","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/template.(*ESLoader).Load","file.name":"template/load.go","file.line":150},"message":"Data stream with name \"metricbeat-8.15.3\" already exists.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.715+0800","log.logger":"index-management","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/idxmgmt.(*indexManager).Setup","file.name":"idxmgmt/index_support.go","file.line":299},"message":"Loaded index template.","service.name":"metricbeat","ecs.version":"1.6.0"}
Index setup finished.
Loading dashboards (Kibana must be running and reachable)
{"log.level":"info","@timestamp":"2024-10-29T21:41:47.715+0800","log.logger":"kibana","log.origin":{"function":"github.com/elastic/elastic-agent-libs/kibana.NewClientWithConfigDefault","file.name":"kibana/client.go","file.line":181},"message":"Kibana url: http://localhost:5601","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:48.053+0800","log.logger":"kibana","log.origin":{"function":"github.com/elastic/elastic-agent-libs/kibana.NewClientWithConfigDefault","file.name":"kibana/client.go","file.line":181},"message":"Kibana url: http://localhost:5601","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:41:50.288+0800","log.logger":"add_cloud_metadata","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/processors/add_cloud_metadata.(*addCloudMetadata).init.func1","file.name":"add_cloud_metadata/add_cloud_metadata.go","file.line":100},"message":"add_cloud_metadata: hosting provider type not detected.","service.name":"metricbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2024-10-29T21:44:02.792+0800","log.origin":{"function":"github.com/elastic/beats/v7/libbeat/cmd/instance.(*Beat).loadDashboards","file.name":"instance/beat.go","file.line":1072},"message":"Kibana dashboards successfully loaded.","service.name":"metricbeat","ecs.version":"1.6.0"}
Loaded dashboards
PS C:\Users\jerom\OneDrive\Desktop\ES\MetricBeat> Start-Service metricbeat
PS C:\Users\jerom\OneDrive\Desktop\ES\MetricBeat>

mssql.yml *do note that this is non production credentials yet I'm on the process of connecting my test database to Kibana.

# Module: mssql
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/8.15/metricbeat-module-mssql.html

- module: mssql
  metricsets:
    - "transaction_log"
    - "performance"
  hosts: ["sqlserver://localhost"]
  username: sa
  password: Youshallnotpass01
  period: 10s