I have Elasticsearch and Kibana running as dockers. I documented it here: https://github.com/cwobuzz/Setting-up-Docker-Elastic-Kibana-Running-Sysmon-And-Agent/blob/master/.README.md
My Elastic-Agent is pushing Endpoint security logs, but Auditbeat, Filebeat and Winlogbeat are all showing 0 logs.
Metricbeat Monitor Log:
{"log.level":"info","@timestamp":"2021-02-11T13:00:09.510-0700","log.origin":{"file.name":"module/wrapper.go","file.line":259},"message":"Error fetching data for metricset beat.state: error making http request: Get \"http://npipe/state\": open \\\\.\\pipe\\default-endpoint-security: The system cannot find the file specified.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-02-11T13:00:09.510-0700","log.origin":{"file.name":"module/wrapper.go","file.line":259},"message":"Error fetching data for metricset beat.stats: error making http request: Get \"http://npipe/stats\": open \\\\.\\pipe\\default-endpoint-security: The system cannot find the file specified.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-02-11T13:00:09.510-0700","log.origin":{"file.name":"module/wrapper.go","file.line":259},"message":"Error fetching data for metricset http.json: error making http request: Get \"http://npipe/stats\": open \\\\.\\pipe\\default-endpoint-security: The system cannot find the file specified.","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-02-11T13:00:18.690-0700","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":144},"message":"Non-zero metrics in the last 30s","monitoring":{"metrics":{"beat":{"cpu":{"system":{"ticks":16078,"time":{"ms":94}},"total":{"ticks":25984,"time":{"ms":157},"value":25984},"user":{"ticks":9906,"time":{"ms":63}}},"handles":{"open":280},"info":{"ephemeral_id":"7c59624d-7982-49f4-aea7-9026c17c1816","uptime":{"ms":11191727}},"memstats":{"gc_next":17784784,"memory_alloc":9909672,"memory_total":776768968,"rss":59359232},"runtime":{"goroutines":92}},"libbeat":{"config":{"module":{"running":7}},"output":{"events":{"acked":30,"active":0,"batches":3,"total":30},"read":{"bytes":8147},"write":{"bytes":64007}},"pipeline":{"clients":10,"events":{"active":0,"published":30,"total":30},"queue":{"acked":30}}},"metricbeat":{"beat":{"state":{"events":9,"failures":3,"success":6},"stats":{"events":9,"failures":3,"success":6}},"http":{"json":{"events":12,"failures":3,"success":9}}}},"ecs.version":"1.6.0"}}
Filebeat Monitor Log:
{"log.level":"info","@timestamp":"2021-02-11T13:00:19.011-0700","log.origin":{"file.name":"log/harvester.go","file.line":302},"message":"Harvester started for file: C:\\Program Files\\Elastic\\Agent\\data\\elastic-agent-84c4d4\\logs\\default\\metricbeat-json.log","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2021-02-11T13:00:19.011-0700","log.logger":"jsonhelper","log.origin":{"file.name":"jsontransform/jsonhelper.go","file.line":62},"message":"JSON: Won't overwrite @timestamp because of parsing error: parsing time \"2021-02-11T13:00:13.850-0700\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"-0700\" as \"Z07:00\"","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2021-02-11T13:00:19.011-0700","log.origin":{"file.name":"log/harvester.go","file.line":302},"message":"Harvester started for file: C:\\Program Files\\Elastic\\Agent\\data\\elastic-agent-84c4d4\\logs\\default\\filebeat-json.log","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2021-02-11T13:00:19.011-0700","log.logger":"jsonhelper","log.origin":{"file.name":"jsontransform/jsonhelper.go","file.line":62},"message":"JSON: Won't overwrite @timestamp because of parsing error: parsing time \"2021-02-11T13:00:17.285-0700\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"-0700\" as \"Z07:00\"","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2021-02-11T13:00:44.034-0700","log.logger":"jsonhelper","log.origin":{"file.name":"jsontransform/jsonhelper.go","file.line":62},"message":"JSON: Won't overwrite @timestamp because of parsing error: parsing time \"2021-02-11T13:00:43.862-0700\" as \"2006-01-02T15:04:05Z07:00\": cannot parse \"-0700\" as \"Z07:00\"","ecs.version":"1.6.0"}
Agent Watcher Log:
{"log.level":"error","@timestamp":"2021-02-11T09:53:35.251-0700","log.origin":{"file.name":"cmd/watch.go","file.line":60},"message":"failed to load markeropen C:\\Program Files\\Elastic\\Agent\\data\\.update-marker: The system cannot find the file specified.","ecs.version":"1.6.0"}