Kibana, Winlogbeat Agent-search with custom variable

Hi,

I am new to the forum.

For some time now, we have been unable to search with our custom variables for winlogbeat logs on only two servers. I have restarted the winlog agent service but the problem still persists.

Any recommendation? Thanks

SAMY.

Hi SAMY. Can you share more information? I do not understand the question.

Hi,
From the KIBANA Discover tab, we are unable to search Windows event logs with our custom variables/pattern. The agent beat used is Winlogbeat.

This issue appears on just two servers; for the other servers we don't have this issue.

Example of our custom variable: rq.machinename

Picture 1 : issue

Picture 2 : No issue

Errors identified in the Winlogbeat agent log:

2023-03-07T14:38:42.398-0500 ERROR [logstash] logstash/async.go:280 Failed to publish events caused by: write tcp 172.30.169.11:62412->172.30.230.23:5044: wsasend: Une connexion existante a dû être fermée par l’hôte distant.

2023-03-07T14:38:44.053-0500 ERROR [publisher_pipeline_output] pipeline/output.go:180 failed to publish events: write tcp 172.30.169.11:62412->172.30.230.23:5044: wsasend: Une connexion existante a dû être fermée par l’hôte distant.

Telnet test:

Telnet 172.30.230.23:5044 OK

Thanks for the help

The errors from Winlogbeat indicate the remote host is closing the connection. However, there are many reasons this could occur. I would start by comparing the configuration of Winlogbeat for each server. Perhaps you have misconfigured one of the servers? Are you connecting via HTTPS?

I'm fairly certain this is not a Kibana issue, so I'm going to move it to the Beats forum for a more appropriate audience.

Hi,

Yes, connecting with HTTPS.
After comparing the configuration of Winlogbeat for each server, I confirm that no misconfiguration was detected.

Thanks

Can anyone answer it?

Thanks
