Cannot get winlogbeats into logstash

I can show pictures of configurations if people need them. I think what is happening is Elasticsearch is looking at loopback instead of eth0.

You haven't given us much to work with here.

We don't want pictures of anything, but we do need more details, like configuration, Winlogbeat logs, Logstash logs, etc. Chances are that you'll discover the problem while you're collecting that information.

So here is my .yaml file

My conf file reads

input {
  beats { port => 5044 }
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "logstash-%{+YYY.MM.dd}"
  }
}

You haven't provided any indication of the problem. Please provide logs from Winlogbeat and Logstash for starters.

Have you followed the Winlogbeat Getting Started guide which also includes a section on how to setup Logstash for Beats?

The problem is winlogbeats is creating registry items in C:/ProgramData like it is supposed to, but nothing is getting into the ELK stack.

When I run netstat -an | grep 5044

I only get tcp6. Could that be a problem?

When I run Logstash in the foreground, all I get is this:

Settings: Default filter workers: 1
the error reported is:
Address already in use - bind - Address already in use

Do you have anything else listening on port 5044, i.e. if you shut down Logstash is the port busy? Exactly how are you invoking Logstash?

I stopped Logstash and then ran sudo /opt/logstash/bin/logstash -f /etc/logstash/conf.d and now I get this:

"Settings: Default filter workers: 1
Logstash startup completed"

Which means LS has started, that's good.

Now I am seeing my Logstash items in Elasticsearch, so I think I got it working. Thanks, guys :)
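An added example, not part of the thread and not Logstash code: it reproduces the "Address already in use" bind failure that appears when a second listener is started while the first still holds the port. It also checks that a listener netstat would show only as tcp6 can still accept an IPv4 client when the socket is dual-stack. The function names are hypothetical, and an OS-assigned port stands in for 5044.

```python
import errno
import socket


def try_bind(port, host="127.0.0.1"):
    """Return None if host:port can be bound, else the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
    return None


def second_listener_conflict():
    """Hold a port the way a running service would, then bind it again."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as first:
        first.bind(("127.0.0.1", 0))    # 0 = OS picks a free port (stand-in for 5044)
        first.listen()
        port = first.getsockname()[1]
        while_running = try_bind(port)  # second instance started while the first runs
    after_stop = try_bind(port)         # first instance stopped, port released
    return while_running, after_stop


def tcp6_listener_accepts_ipv4():
    """True if a tcp6 wildcard listener takes an IPv4 client.

    Returns None when IPv6 or the loopback connection is unavailable here.
    """
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as srv:
            # Dual-stack: IPv4 clients arrive as IPv4-mapped IPv6 addresses.
            srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
            srv.bind(("::", 0))
            srv.listen()
            port = srv.getsockname()[1]
            with socket.create_connection(("127.0.0.1", port), timeout=2):
                return True
    except OSError:
        return None


if __name__ == "__main__":
    print("bind while running / after stop:", second_listener_conflict())
    print("tcp6 listener accepts IPv4:", tcp6_listener_accepts_ipv4())
```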