Elastic Templates:

I have installed Winlogbeat and have created an Elastic template using a PowerShell statement. I wish to install it on a version of Elastic in my Ubuntu installation. The PowerShell statement does not allow transfer of that template using the PowerShell statement available. It keeps telling me that it cannot access the server but I have port 9200 listening. I thought I would like to install the index template directly on Ubuntu but cannot figure out how to install it in the correct place for Elasticsearch 7.1. Does anyone know where to place it or how to incorporate the template into Elastic? Write me at charleseblack126@gmail.com with the answer.

Welcome to our community! :smiley:

Just to make sure I am following along, you have created your own template and want Winlogbeat to load it? Or do you want to load it yourself?

If you are getting an error here, then sharing that would be useful.

For clarity: I have created my template, in Windows, for the index template that Elastic needs to interpret incoming logstash information. The system named it winlogbeat.template.json. I can transport that over to Ubuntu using ssh. Once there, I need to know how to make it a part of my Elastic installation. If I need to run a command, please guide me. If I need to put it in a folder, direct me where I can find it. I have been searching the documentation to no avail.

Charles E. Black, MS.

Charleseblack126@gmail.com

I am getting the message, cannot log on to server. I have port 9200 open, should not be a problem.

Hi @charleseblack126 welcome to the community

I suspect you did a basic / default install

There are some important concepts that you really need to understand / take a look at with respect to Elasticsearch... by default Elasticsearch only binds to localhost, i.e. it is not reachable from the network.

Take a look at this post that I wrote up a while ago...

In short, Elastic forces you to make a very conscious decision to attach your cluster to the network... as soon as you do you should be thinking about auth / auth data security etc. With the proper configuration you can dev / test etc., but you need to set some settings and you should read about them first... but in no way do we recommend putting production data in an unsecured cluster.
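An added example (not part of the original thread): a shell check, run on the Ubuntu host, of whether port 9200 is bound to loopback only as the reply above describes, plus a loader that PUTs the exported template through localhost so the cluster does not have to be attached to the network. The `ss -ltn` samples are constructed, and the function names, the script name and the template name `winlogbeat-7.1.0` are assumptions.

```shell
#!/bin/sh
# Added example: "port 9200 is listening" does not mean it is reachable remotely.

# Constructed `ss -ltn` output: default install, Elasticsearch on loopback only.
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::ffff:127.0.0.1]:9200 *:*
LISTEN 0 128 [::1]:9200 *:*'

# Constructed `ss -ltn` output: HTTP port bound to every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:9200 *:*'

# Read `ss -ltn` output on stdin and classify how TCP port $1 is bound.
# Prints one of: not-listening | loopback-only | network
classify_bind() {
  port="$1"; seen=0; exposed=0
  while read -r state _recvq _sendq local_addr _rest; do
    [ "$state" = "LISTEN" ] || continue              # skips the header line too
    [ "${local_addr##*:}" = "$port" ] || continue    # text after the last ':' is the port
    seen=1
    case "${local_addr%:*}" in                       # text before the last ':' is the address
      127.*|"[::1]"|"[::ffff:127."*) ;;              # IPv4, IPv6 and v4-mapped loopback
      *) exposed=1 ;;                                # 0.0.0.0, *, [::] or an interface address
    esac
  done
  if [ "$seen" -eq 0 ]; then echo "not-listening"
  elif [ "$exposed" -eq 1 ]; then echo "network"
  else echo "loopback-only"
  fi
}

# PUT an exported template file ($1) through the loopback listener.
# The template name ($2) is an assumption; match it to your Winlogbeat version.
load_template() {
  curl -sS -XPUT -H 'Content-Type: application/json' \
    "http://localhost:9200/_template/${2:-winlogbeat-7.1.0}" -d@"$1"
}

# Live use on the Ubuntu host: sh check_bind.sh --run winlogbeat.template.json
if [ "${1:-}" = "--run" ]; then
  echo "port 9200: $(ss -ltn | classify_bind 9200)"
  load_template "$2"
fi
```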
