Kibana 401 Unauthorized

Hello,
I would like to setup the dashboard of Winlogbeat in Kibana, but when I start Winlogbeat I have an error.
I have done a curl, and saw that I got the error 401 as response.
My architecture is : Winlogbeat → Kafka → Logstash → Elastic
Here is winlogbeat.yml

# ======= Winlogbeat specific options ========

winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h

  - name: System

  - name: Security

  - name: Microsoft-Windows-Sysmon/Operational

  - name: Windows PowerShell
    event_id: 400, 403, 600, 800

  - name: Microsoft-Windows-PowerShell/Operational
    event_id: 4103, 4104, 4105, 4106

  - name: ForwardedEvents
    tags: [forwarded]

setup.dashboards.enabled: true
setup.dashboards.url: "http://10.60.101.10:5601/"

setup.kibana:
  host: "http://10.60.101.10:5601"
  username: "elastic"
  password: "Yrl1d4Q_SQ3k3aX4EseO"

# ---------------------------- Kafka Output ----------------------------
output.kafka:
  codec.format:
    string: '%{[@timestamp]}%{[message]}'
  hosts: ["10.60.101.11:9092"]
  topic: 'windows'
  partition.round_robin:
    reachable_only: false
  required_acks: 1
  compression: gzip
  max_message_bytes: 1000000

# =============== Processors ========
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~

# ============ Winlogbeat Logs =============
logging.to_files: true
logging.files:
  path: C:\Program Files\Winlogbeat\Logs
logging.level: info

If you need more information do not hesitate
Thank you

You're getting a 401 when you use those details in your curl?

When I do a curl with the following command

curl -u elastic http://10.60.101.10:5601/api/status

I get all information I need, but I don't know why it do not work with Winlogbeat

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.