Cannot get winlogbeats to send to logstash


Trying to get a new installation up and running but getting the following in my winlogbeats log:

2017-03-07T11:25:46Z ERR Connecting error publishing events (retrying): Get dial tcp connectex: No connection could be made because the target machine actively refused it.

my configs are:


#----------------------------- Logstash output --------------------------------
  # The Logstash hosts
  hosts: [""]

  # Optional SSL. By default is off.
  # List of root certificates for HTTPS server verifications
  #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]

  # Certificate for SSL client authentication
  #ssl.certificate: "/etc/pki/cl

  # Client Certificate Key
  #ssl.key: "/etc/pki/client/cert.key"

Logstash Config:

input {
  beats {
	port => 5044

output {
  elasticsearch {
    hosts => "localhost:9200"
    manage_template => false
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    document_type => "%{[@metadata][type]}"


Based on the log message you provided you still have Winlogbeat configured to output to elasticsearch.

Make sure you comment out or completely remove the output.elasticsearch options. And then you need to uncomment the output.logstash line.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.