I have an ELK stack running on Ubuntu 20.04 server which is currently ingesting Filebeat IIS logs from a Windows machine.
When I run the filebeat setup command from the Linux server to install the dashboards, index and so on, they install without errors; however, when I click on the IIS dashboard or any visualisation, nothing shows up.
Once I run the filebeat command from the Windows machine which is sending the logs everything is fine.
Now, I have enabled the netflow module on the Linux server hosting the ELK and the netflow data is coming in. I am afraid to run the filebeat setup from the server to install the dashboards because I take it the working IIS dashboards will get wiped and will stop working?
I don't see any clear instructions on what to do in this case.
I had some issues with the setup originally. Kibana was only running on localhost and I couldn't install IIS dashboard from filebeat on the server as it was running Linux. Wish I had written down the specifics.
It seems to be okay now.
I had to run filebeat setup -e --dashboards /etc/filebeat/filebeat.yml
In filebeat.yml I had to change these:

setup.kibana:
  host: "https://192.168.131.140"
  ssl.certificate_authorities: ["/etc/kibana/certs/ca.pem"]

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.131.140:9200"]
  protocol: "https"
  username: "elastic"
  password: ${ES_PWD}
  ssl.certificate_authorities: ["/etc/kibana/certs/ca.pem"]
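
As an added example (not part of the original post, and not Elastic's own tooling), the sketch below audits the settings shown above for the transport and credential properties they establish: HTTPS to Kibana and Elasticsearch, a CA file for verification, and a password taken from a `${...}` variable rather than written in the file. The `parse` and `audit` helpers and the weak variant are constructed for illustration, and the reader handles only this two-level layout.

```python
# Constructed samples: the thread's settings, and a weak variant for contrast.
HARDENED = '''\
setup.kibana:
  host: "https://192.168.131.140"
  ssl.certificate_authorities: ["/etc/kibana/certs/ca.pem"]
output.elasticsearch:
  hosts: ["192.168.131.140:9200"]
  protocol: "https"
  username: "elastic"
  password: ${ES_PWD}
  ssl.certificate_authorities: ["/etc/kibana/certs/ca.pem"]
'''
WEAK = '''\
setup.kibana:
  host: "http://192.168.131.140"
output.elasticsearch:
  hosts: ["192.168.131.140:9200"]
  username: "elastic"
  password: "changeme"
  ssl.verification_mode: none
'''

def parse(text):
    """Minimal reader for this two-level layout only (not a YAML parser)."""
    cfg, section = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, _, value = line.strip().partition(":")
        if line[0] != " ":                      # top-level key opens a section
            section = cfg.setdefault(key, {})
        elif section is not None:
            section[key] = value.strip().strip('"')
    return cfg

def audit(text):
    cfg, findings = parse(text), []
    kib, es = cfg.get("setup.kibana", {}), cfg.get("output.elasticsearch", {})
    if not kib.get("host", "").startswith("https://"):
        findings.append("kibana: host is not https")
    if es.get("protocol") != "https" and "https://" not in es.get("hosts", ""):
        findings.append("elasticsearch: plaintext transport")
    for name, sec in (("kibana", kib), ("elasticsearch", es)):
        if sec.get("ssl.verification_mode") == "none":
            findings.append(f"{name}: certificate verification disabled")
        elif "ssl.certificate_authorities" not in sec:
            findings.append(f"{name}: no ssl.certificate_authorities set")
    pwd = es.get("password")
    if pwd is not None and not (pwd.startswith("${") and pwd.endswith("}")):
        findings.append("elasticsearch: literal password in file")
    return findings
```
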