I have tried all kinds of settings from all the docs and discussions here and I am sure that I am missing something obvious but I need some assistance
So I have a linux sytem (lets call this linuxserver) with Elasticsearch, Kibana and also Logstash and Beats. This all is working just fine on that localhost and I even have some syslog data from remote PDU's send through logstash into elastic/kibana. So all the basics seems to work.
But not I want to go a little further and get some metrics from windows servers into this linuxserver. So I installed the metricsbeats on that server (lets call this windowserver), enabled the windows module on the linuxserver (metricbeat modules enable windows) and after that on the windowsserver I tried .\metricbeat.exe setup, it then fails.
This resulted in :
PS C:\Program Files\metricbeat> .\metricbeat.exe setup
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http:
//linuxserver:9200: Get http://linuxserver:9200: dial tcp 10.10.10.11:9200: connectex: No connection could be made because the target machine actively refused it.]
This is what I altered in the metricbeats.yml on the windowsserver :
# Array of hosts to connect to.
And the most I altered in the electricsearch.yml is :
network.host: 10.10.10.12 (also tried with 0.0.0.0)
I dont really think I need any except the network.host but who knows.
As you can see the machines are in the same subnet/network (these aren't the real ip addresses but similar for explaining). Currently I just have network.host: 0.0.0.0
Ow the windowsserver is a Windows 2016 server (firewalls off for the test) and the linuxserver is an Oracle Linux 7 (so similar to CentOS 7 etc) (don't believe any firewalls are on on this, firewalld is off and selinux I set to enforce 0)
Last but not least I do see traffic coming onto the linuxserver using tcpdump
Ah ow, aaaaand, everything (elasticsearch, kibana, logstash and metricbeat) on version 7.2.0