Having an issue setting up Filebeat

Hello, I am having an issue while setting up the Filebeat module for threat hunting.

This is the error I am getting:

```
root@wazuh:/etc/kibana# sudo filebeat setup
Overwriting ILM policy is disabled. Set setup.ilm.overwrite: true for enabling.

Index setup finished.
Loading dashboards (Kibana must be running and reachable)
Exiting: error connecting to Kibana: fail to get the Kibana version: HTTP GET request to http://0.0.0.0:5601/api/status fails: fail to execute the HTTP GET request: Get "http://0.0.0.0:5601/api/status": dial tcp 0.0.0.0:5601: connect: connection refused (status=0). Response:
```

The configuration of the filebeat.yml file looks like this.

```yaml
# =================================== Kibana ===================================

setup.kibana:
  host: "0.0.0.0:5601"

# ---------------------------- Elasticsearch Output ----------------------------

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["0.0.0.0:9200"]
  ssl.certificate_authorities: ["/etc/elasticsearch/certs/elasticsearch.crt"]
  ssl.certificate: "/etc/elasticsearch/certs/elasticsearch.crt"
  ssl.key: "/etc/elasticsearch/certs/elasticsearch.key"

  # Protocol - either http (default) or https.
  protocol: "https"

  # Authentication credentials - either API key or username/password.
  api_key: "changed:changed changed"
  username: "elastic"
  #password: "changed"
```

  • Also, I have a totally different question.

I have network traffic coming into ElastiFlow from multiple FWs. Can I apply threat intelligence/Filebeat to that network traffic, so that I do not have to set up Filebeat on multiple hosts?

Or my concept of Filebeat might be wrong. But please guide me on what to do and how to do it.
