Connecting remote windows metrics (beats) to linux elasticsearch

I have tried all kinds of settings from all the docs and discussions here and I am sure that I am missing something obvious but I need some assistance :slight_smile:

So I have a Linux system (let's call this linuxserver) with Elasticsearch, Kibana and also Logstash and Beats. This is all working just fine on that localhost, and I even have some syslog data from remote PDUs sent through Logstash into Elastic/Kibana. So all the basics seem to work.

But now I want to go a little further and get some metrics from Windows servers into this linuxserver. So I installed Metricbeat on that server (let's call this windowsserver), enabled the windows module on the linuxserver (metricbeat modules enable windows), and after that, on the windowsserver, I tried .\metricbeat.exe setup; it then fails.

This resulted in:

PS C:\Program Files\metricbeat> .\metricbeat.exe setup
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://linuxserver:9200: Get http://linuxserver:9200: dial tcp 10.10.10.11:9200: connectex: No connection could be made because the target machine actively refused it.]

This is what I altered in the metricbeat.yml on the windowsserver:

setup.kibana:
  host: "linuxhost:5601"

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["linuxhost:9200"]

And the most I altered in the elasticsearch.yml is:

network.host: 10.10.10.12  # also tried with 0.0.0.0
http.port: 9200
transport.host: 10.10.10.12
transport.port: 9300

I don't really think I need any except the network.host, but who knows.
As you can see the machines are in the same subnet/network (these aren't the real ip addresses but similar for explaining). Currently I just have network.host: 0.0.0.0

Oh, the windowsserver is a Windows 2016 server (firewalls off for the test) and the linuxserver is an Oracle Linux 7 (so similar to CentOS 7 etc.) (I don't believe any firewalls are on on this; firewalld is off and SELinux I set to enforce 0).

Last but not least, I do see traffic coming onto the linuxserver using tcpdump.

Ah oh, aaaaand, everything (Elasticsearch, Kibana, Logstash and Metricbeat) is on version 7.2.0.
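
Added example, not part of the original post: a "refused" connection whose packets are visible in tcpdump means the SYN arrived but nothing accepted it on that address and port, so one check is to compare the endpoint the Beat dialed with the HTTP bind in elasticsearch.yml. The function names are hypothetical and the sample input is constructed from the error and settings quoted above.

```python
import ipaddress
import re

# Sample input constructed from the error and settings quoted in the post.
BEAT_ERROR = ("Get http://linuxserver:9200: dial tcp 10.10.10.11:9200: connectex: "
              "No connection could be made because the target machine actively refused it.")
ES_SETTINGS = "network.host: 10.10.10.12  # also tried 0.0.0.0\nhttp.port: 9200\n"


def dialed_endpoint(error_text):
    """Return (ip, port) the Beat actually dialed, from a Go 'dial tcp' error (IPv4 only)."""
    m = re.search(r"dial tcp (\d{1,3}(?:\.\d{1,3}){3}):(\d+)", error_text)
    if not m:
        raise ValueError("no 'dial tcp <ip>:<port>' found in error text")
    return ipaddress.ip_address(m.group(1)), int(m.group(2))


def http_bind(settings_text):
    """Read network.host and http.port from flat 'key: value' lines (not a YAML parser)."""
    conf = {}
    for line in settings_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip().strip('"')
    # Elasticsearch defaults: loopback only, HTTP on 9200 (first port of its range).
    host = conf.get("network.host", "127.0.0.1")
    port = int(conf.get("http.port", "9200").split("-")[0])
    return host, port


def check(error_text, settings_text):
    """Compare the dialed endpoint with the configured HTTP bind and describe the result."""
    ip, port = dialed_endpoint(error_text)
    host, bind_port = http_bind(settings_text)
    if port != bind_port:
        return f"port mismatch: client dials {port}, http.port is {bind_port}"
    try:
        bound = ipaddress.ip_address(host)
    except ValueError:
        return f"cannot compare: network.host '{host}' is not a literal IP"
    if bound.is_unspecified:
        return "wildcard bind covers the dialed address; confirm the listener with 'ss -ltn'"
    if bound != ip:
        return f"address mismatch: client dials {ip}, Elasticsearch binds {bound}"
    return "bind matches the dialed address; confirm the listener with 'ss -ltn'"


if __name__ == "__main__":
    print(check(BEAT_ERROR, ES_SETTINGS))
```

When the bind does cover the dialed address, the remaining question is whether the Elasticsearch process is actually listening there, which `ss -ltn` on the Linux host and the Elasticsearch log answer.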
