Can't filter with winlogbeat.event_id on kibana

proxx · June 24, 2019, 10:55am

Can't filter with winlogbeat.event_id on kibana.

Have restarted my winlogbeat service on my windowss server 2012 and also my ELK server.

Any way out pls.

rashmi · June 24, 2019, 3:07pm

What is the error in the logs when you restart winlogbeat ? Would you mind sharing more information - like logs, version, steps to reproduce etc ?

Thanks
Rashmi

proxx · June 25, 2019, 4:05am

I'm using a ELK 7.1.1 and winglogbeat 7.1.1.

Logs.

proxx · July 11, 2019, 11:36am

So finally got the solution

I delete the indices for winlogbeat in elasticsearch

rashmi · July 16, 2019, 1:28pm

Glad it worked after deleting the indices..
Thanks for posting your solution...

system · August 13, 2019, 1:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat data missing Beats winlogbeat	6	924	August 18, 2022
Filtering Winlogbeat on Event ID Beats winlogbeat	8	10044	July 5, 2017
Unable to view winlogbeat log data Elasticsearch	1	167	November 2, 2022
Winlogbeat Dashboards mullered Elasticsearch	1	361	August 24, 2021
How to configure kibana to see data from winlogbeat Kibana	10	2272	October 10, 2017