Filebeat service is running, but I see nothing from it on Elasticsearch
The filebeat index below is from a Linux client, and it is working fine.
curl -XGET "https://d4850cf616524f54b7ec7628ed283e2a.deyaa.lab:9243/_cat/indices" -u elastic:NDpdAvg4DRPw06JrdWIxkB3m
yellow open .siem-signals-default-000001 59wtUPnjRfW1AxnlsfuEyw 1 1 0 0 208b 208b
green open .apm-agent-configuration C1t3A7EiRSKiXCK_hwQ8Nw 1 0 0 0 208b 208b
green open .transform-internal-005 ClcGHM-aSaOJ3tSScjXQRQ 1 0 3 0 24.2kb 24.2kb
green open filebeat-7.12.1-2021.06.18-000001 kri7PvH-SICTR5FfpuOhyQ 1 0 4633 0 1.1mb 1.1mb
green open .kibana_1 R-FkURggTTaaFWqkr1Ypvw 1 0 69 42 4.3mb 4.3mb
green open metrics-endpoint.metadata_current_default ZUOwXYAVTLKQAS401PW1Zw 1 0 0 0 208b 208b
green open .security-tokens-7 _CWf03PqSl-RL7nh8RFroA 1 0 7 0 68.3kb 68.3kb
green open .security-7 WSZJV33kT-SF2dSaf_Ap1Q 1 0 58 0 151.6kb 151.6kb
green open .apm-custom-link gP4keOeiSUGiz6Xq5qSDoQ 1 0 0 0 208b 208b
green open metricbeat-7.12.1-2021.06.18-000001 4_4hKWcRTgS6MNygxIHvSw 1 0 13842 0 4.2mb 4.2mb
green open .kibana_task_manager_1 QQYGgBpbT5qrDEc2ntaVJA 1 0 6 441 159.7kb 159.7kb
green open .kibana-event-log-7.10.1-000001 KfCjHacLQQOX-2OK_iZNKA 1 0 1 0 5.6kb 5.6kb
green open .async-search bIjGoWXlQmGjc9cyCBGiUw 1 0 0 0 3.3kb 3.3kb
content of c:\program files\filebeat\filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - c:\monitorme\*
- type: filestream
  enabled: false
  paths:
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
  host: "https://a9478dd520cb451e9fe6c4bc9cd4f225.deyaa.lab:9243"
output.elasticsearch:
  hosts: [ "d4850cf616524f54b7ec7628ed283e2a.deyaa.lab:9243" ]
  protocol: "https"
  username: "elastic"
  password: "NDpdAvg4DRPw06JrdWIxkB3m"
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
filebeat test commands:
PS C:\Program Files\filebeat> .\filebeat.exe test output
elasticsearch: https://d4850cf616524f54b7ec7628ed283e2a.deyaa.lab:9243...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 192.168.0.5
dial up... OK
TLS...
security... WARN server's certificate chain verification is disabled
handshake... OK
TLS version: TLSv1.2
dial up... OK
talk to server... OK
version: 7.10.1
PS C:\Program Files\filebeat> .\filebeat.exe test config -e
.\filebeat.exe : 2021-06-18T07:18:46.460+0300 INFO instance/beat.go:665 Home path:
[C:\Program Files\filebeat] Config path: [C:\Program Files\filebeat] Data path:
[C:\Program Files\filebeat\data] Logs path: [C:\Program Files\filebeat\logs]
At line:1 char:1
+ .\filebeat.exe test config -e
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (2021-06-18T07:1...\filebeat\logs]:Strin
g) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
2021-06-18T07:18:46.460+0300 INFO instance/beat.go:673 Beat ID:
0afce123-4b84-41a7-b4d5-e8873761a86c
2021-06-18T07:18:46.467+0300 INFO [beat] instance/beat.go:1014 Beat info
{"system_info": {"beat": {"path": {"config": "C:\\Program Files\\filebeat", "data":
"C:\\Program Files\\filebeat\\data", "home": "C:\\Program Files\\filebeat", "logs":
"C:\\Program Files\\filebeat\\logs"}, "type": "filebeat", "uuid":
"0afce123-4b84-41a7-b4d5-e8873761a86c"}}}
2021-06-18T07:18:46.467+0300 INFO [beat] instance/beat.go:1023 Build info
{"system_info": {"build": {"commit": "054e224d226b42a1dd7c72dcf48c3f18de452e22",
"libbeat": "7.13.0", "time": "2021-05-19T22:28:57.000Z", "version": "7.13.0"}}}
2021-06-18T07:18:46.467+0300 INFO [beat] instance/beat.go:1026 Go runtime info
{"system_info": {"go":
{"os":"windows","arch":"amd64","max_procs":2,"version":"go1.15.12"}}}
2021-06-18T07:18:46.473+0300 INFO [beat] instance/beat.go:1030 Host info
{"system_info": {"host": {"architecture":"x86_64","boot_time":"2021-05-23T11:23:56.96
+03:00","name":"windowsclient","ip":["192.168.0.8/24","fe80::5efe:c0a8:8/128","::1/12
8","127.0.0.1/8","2001:0:2851:782c:3c2d:89a:3f57:fff7/64","fe80::3c2d:89a:3f57:fff7/6
4"],"kernel_version":"10.0.14393.0 (rs1_release.160715-1616)","mac":["02:71:a5:9a:a9:
4b","00:00:00:00:00:00:00:e0","00:00:00:00:00:00:00:e0"],"os":{"type":"windows","fami
ly":"windows","platform":"windows","name":"Windows Server 2016 Standard","version":"1
0.0","major":10,"minor":0,"patch":0,"build":"14393.0"},"timezone":"+03","timezone_off
set_sec":10800,"id":"863e3cb5-82f7-415c-b6fb-1d7549aec666"}}}
2021-06-18T07:18:46.473+0300 INFO [beat] instance/beat.go:1059 Process info
{"system_info": {"process": {"cwd": "C:\\Program Files\\filebeat", "exe":
"C:\\Program Files\\filebeat\\filebeat.exe", "name": "filebeat.exe", "pid": 1572,
"ppid": 3264, "start_time": "2021-06-18T07:18:46.371+0300"}}}
2021-06-18T07:18:46.473+0300 INFO instance/beat.go:309 Setup Beat: filebeat;
Version: 7.13.0
2021-06-18T07:18:46.473+0300 INFO [index-management] idxmgmt/std.go:184 Set
output.elasticsearch.index to 'filebeat-7.13.0' as ILM is enabled.
2021-06-18T07:18:46.473+0300 INFO eslegclient/connection.go:99 elasticsearch url:
https://d4850cf616524f54b7ec7628ed283e2a.deyaa.lab:9243
2021-06-18T07:18:46.473+0300 INFO [publisher] pipeline/module.go:113 Beat name:
windowsclient
Config OK
PS C:\Program Files\filebeat> .\filebeat.exe version
filebeat version 7.13.0 (amd64), libbeat 7.13.0 [054e224d226b42a1dd7c72dcf48c3f18de452
e22 built 2021-05-19 22:28:57 +0000 UTC]
PS C:\Program Files\filebeat>
What am I doing wrong?