I am working on version 8.10.2 of Elastic, Kibana and Filebeat. I am trying to get IIS.YML to work but I am running into a some errors.
I am running this command:
.\filebeat.exe -e -c D:\Filebeat\modules.d\iis.yml and I am getting this error:
Exiting: no outputs are defined, please define one under the output section.
Can someone help me figure out the issue?
Here is my IIS.YML
# Docs: https://www.elastic.co/guide/en/beats/filebeat/8.10/filebeat-module-iis.html
- module: iis
# Access logs
access:
enabled: "true"
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths: ["D:/01-evidence/IIS/*.log"]
# Error logs
error:
enabled: false
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
# var.paths:
# =============================== Kibana ===============================
# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API.
# This requires a Kibana endpoint configuration.
- setup.kibana.host: "http://localhost:5601"
#hosts: ["https://localhost:9200", "https://1.1.1.1:9200"]
# Kibana Space ID
# ID of the Kibana Space into which the dashboards should be loaded. By default,
# the Default Space will be used.
# space.id:
# ============================ Elastic Cloud ============================
# These settings simplify using Filebeat with the Elastic Cloud (https://cloud.elastic.co/).
# The cloud.id setting overwrites the `output.elasticsearch.hosts` and
# `setup.kibana.host` options.
# You can find the `cloud.id` in the Elastic Cloud web UI.
# cloud.id:
# The cloud.auth setting overwrites the `output.elasticsearch.username` and
# `output.elasticsearch.password` settings. The format is `<user>:<pass>`.
# cloud.auth:
# =============================== Outputs ===============================
# Configure what output to use when sending the data collected by the beat.
# ---------------------------- Elasticsearch Output ----------------------------
- output.elasticsearch:
# Array of hosts to connect to.
hosts: ["https://localhost:9200", "https://1.1.1.1:9200"]
# Protocol - either `http` (default) or `https`.
# protocol: "https"
username: "user"
password: "pass"
ssl.verification_mode: none
# ------------------------------ Logstash Output ------------------------------```