Yes, Docker is running. Output above.
ls1 is my local host.
sudo docker inspect lme_elasticsearch.1.v6w6ytregj5ttdhr4xx7vkgil | grep "Running"
"Running": true,
That also shows that my ES is running.
@stephenb I am thinking my issue is probably coming from the Filebeat config file; I posted it above.
So here is what I am trying to do.
I am trying to export audit logs from my host (DC) to the target (ES) using Filebeat.
Logs ---> Logstash ---> ES ---> Kibana
@Rios thank you, I will try that as well.
PS C:\Program Files\filebeat-8.13.2-windows-x86_64> notepad.exe .\filebeat.yml
PS C:\Program Files\filebeat-8.13.2-windows-x86_64> .\filebeat test config
Config OK
PS C:\Program Files\filebeat-8.13.2-windows-x86_64> .\filebeat test output
elasticsearch: http://ls1:9200...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 10.1.0.5
dial up... OK
TLS... WARN secure connection disabled
talk to server... ERROR Get "http://ls1:9200": EOF
PS C:\Program Files\filebeat-8.13.2-windows-x86_64>
When I run filebeat test config and filebeat test output, that is the result I get.
You need to share your entire Docker compose.
Also, I always recommend getting
Logs -> Filebeat -> Elasticsearch
working first before trying
Logs -> Filebeat -> Logstash -> Elasticsearch
Also, I suspect
https://ls1:9200
is the Logstash container, not the Elasticsearch container.
@stephenb used Winlogbeat to push the logs to the ELK stack; it was much easier. Thanks for all the support.