Connecting remote windows metrics (beats) to linux elasticsearch

SteMan · June 27, 2019, 9:51am

I have tried all kinds of settings from all the docs and discussions here and I am sure that I am missing something obvious but I need some assistance

So I have a linux sytem (lets call this linuxserver) with Elasticsearch, Kibana and also Logstash and Beats. This all is working just fine on that localhost and I even have some syslog data from remote PDU's send through logstash into elastic/kibana. So all the basics seems to work.

But not I want to go a little further and get some metrics from windows servers into this linuxserver. So I installed the metricsbeats on that server (lets call this windowserver), enabled the windows module on the linuxserver (metricbeat modules enable windows) and after that on the windowsserver I tried .\metricbeat.exe setup, it then fails.

This resulted in :

PS C:\Program Files\metricbeat> .\metricbeat.exe setup
Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http:
//linuxserver:9200: Get http://linuxserver:9200: dial tcp 10.10.10.11:9200: connectex: No connection could be made because the target machine actively refused it.]

This is what I altered in the metricbeats.yml on the windowsserver :

setup.kibana:

host: "linuxhost:5601"

output.elasticsearch:
# Array of hosts to connect to.
hosts: ["linuxhost:9200"]

And the most I altered in the electricsearch.yml is :

network.host: 10.10.10.12 (also tried with 0.0.0.0)
http.port: 9200
transport.host: 10.10.10.12
transport.port: 9300

I dont really think I need any except the network.host but who knows.
As you can see the machines are in the same subnet/network (these aren't the real ip addresses but similar for explaining). Currently I just have network.host: 0.0.0.0

Ow the windowsserver is a Windows 2016 server (firewalls off for the test) and the linuxserver is an Oracle Linux 7 (so similar to CentOS 7 etc) (don't believe any firewalls are on on this, firewalld is off and selinux I set to enforce 0)

Last but not least I do see traffic coming onto the linuxserver using tcpdump

Ah ow, aaaaand, everything (elasticsearch, kibana, logstash and metricbeat) on version 7.2.0

system · July 25, 2019, 9:52am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Issue to setting up Metricbeat on Linux Beats metricbeat	3	355	October 1, 2019
Metricbeat won't connect to Logstash over network Beats metricbeat	3	846	August 16, 2019
Metricbeat 6.0.0 Problem getting metrics from windows and linux Hosts Beats metricbeat	2	523	December 28, 2017
Connect to ElasticSearch with HTTPS Beats metricbeat	2	431	August 25, 2020
DNS lookup failure \| Failed to connect to backoff(async(tcp \| no such host Beats docker , filebeat , metricbeat , auditbeat	11	2087	September 26, 2022

Connecting remote windows metrics (beats) to linux elasticsearch

Related topics