Hey, I am using winlogbeat on my Windows machine with sysmon64.
My winlogbeat.yml file is configured correctly; I have checked it with the config command.
Once I run ./winlogbeat.exe setup -e, my index and dashboards get loaded successfully, and I have checked that on my Kibana Discover tab.
The problem is that I am not getting any logs!
Did you mean that when you start ./winlogbeat.exe setup -e you get logs into your cluster, but when you run your winlogbeat service you don't get any?
The winlogbeat service is working perfectly.
When I run ./winlogbeat.exe setup -e I get everything okay: my dashboard and index were loaded.
I go to my Kibana through "ip-address:5601", I click on Discover, then I find that my "winlogbeat" index is there; when I click on it, there are no logs.
You might have timestamp issues; that can be due to the timezone of your server vs the timezone of your Kibana.
One way to check that is to set your time interval, in Kibana, to a wide one; try 1 year, for example.
This is the first thing I have checked on both my ELK server and Windows node. It's the same time.
What I would do in that case is to check if my data stream is created and eventually click on the temporary discovery from there.
You can find it in Kibana: Index Management > Data Streams
If you don't have the data stream, I would tend to think you have an issue in the ingestion or in the mapping.
I will elaborate more if you don't find the data stream ...
My data stream is set correctly.
If your data stream is created via your index pattern, then you can just query it in Dev Tools to check its data:
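The query itself is not shown in the thread, and the earlier advice to widen the Kibana time range is a way of testing for clock skew by eye. The Python script below is an added example written for this page, not code from the thread, from Elastic, or from the winlogbeat project. It builds the request body you would paste after `GET winlogbeat-*/_search` in Dev Tools, and then interprets a constructed sample `_search` response by comparing the newest `@timestamp` against the clock Kibana is using, so that "the data stream holds no documents at all" (an ingestion problem) is told apart from "documents exist but fall outside the selected time window" (a clock or timezone problem). The index name, event timestamps, host name and the 15-minute default window are constructed values and assumptions, not data from the original post.

```python
"""Triage for 'winlogbeat index exists but Discover shows nothing'.

Added example for this thread; the sample response below is constructed,
not captured from a real cluster.
"""
from datetime import datetime, timedelta
import json


def build_latest_events_query(size=5):
    """Request body for `GET winlogbeat-*/_search` in Kibana Dev Tools.

    Sorting newest-first lets you see at a glance whether anything recent
    has been indexed and what clock the events carry.
    """
    return {
        "size": size,
        "sort": [{"@timestamp": {"order": "desc"}}],
        "_source": ["@timestamp", "host.name", "event.provider", "winlog.event_id"],
    }


def parse_timestamp(value):
    """Parse an Elasticsearch ISO-8601 timestamp; older Pythons reject a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


# Constructed sample responses (assumed index name, host and timestamps).
SAMPLE_RESPONSE = {
    "hits": {
        "total": {"value": 2, "relation": "eq"},
        "hits": [
            {"_index": ".ds-winlogbeat-example-000001",
             "_source": {"@timestamp": "2024-03-10T15:02:11.000Z",
                         "host": {"name": "win-node-example"},
                         "winlog": {"event_id": "1"}}},
            {"_index": ".ds-winlogbeat-example-000001",
             "_source": {"@timestamp": "2024-03-10T15:01:50.000Z",
                         "host": {"name": "win-node-example"},
                         "winlog": {"event_id": "3"}}},
        ],
    }
}
EMPTY_RESPONSE = {"hits": {"total": {"value": 0, "relation": "eq"}, "hits": []}}


def diagnose(response, now_iso, window=timedelta(minutes=15), tolerance=timedelta(minutes=5)):
    """Classify a _search response relative to the clock Kibana uses.

    now_iso   -- current time as seen by Kibana/the browser, ISO-8601 with offset.
    window    -- the Discover time range in use (Kibana defaults to "Last 15 minutes").
    tolerance -- how far into the future an event may be before it is called skew.
    Returns a dict with a status and the offset of the newest event in hours.
    """
    now = parse_timestamp(now_iso)
    hits = response["hits"]["hits"]
    if not hits:
        # Nothing indexed at all: the gap is before Elasticsearch, not in Kibana.
        return {"status": "no_documents",
                "advice": "Check the winlogbeat log for output errors and confirm "
                          "event_logs in winlogbeat.yml lists the Sysmon channel."}

    newest = max(parse_timestamp(h["_source"]["@timestamp"]) for h in hits)
    offset = newest - now  # positive means events are stamped ahead of Kibana's clock
    if offset > tolerance:
        # Typical when the source host's local time is written as if it were UTC:
        # Discover's 'Last 15 minutes' ends at now, so future events are invisible.
        status = "future_timestamps"
    elif -offset > window:
        # Data exists but is older than the selected range; widen the range or
        # check whether the service stopped shipping.
        status = "older_than_window"
    else:
        status = "ok"
    return {"status": status,
            "newest": newest.isoformat(),
            "offset_hours": round(offset.total_seconds() / 3600, 2)}


if __name__ == "__main__":
    print("Paste after `GET winlogbeat-*/_search` in Dev Tools:")
    print(json.dumps(build_latest_events_query(), indent=2))
    # Assumed Kibana clock: 12:00 UTC, three hours behind the sample events.
    print(diagnose(SAMPLE_RESPONSE, "2024-03-10T12:00:00+00:00"))
    print(diagnose(EMPTY_RESPONSE, "2024-03-10T12:00:00+00:00"))
```

Run it once against the constructed data to see the three outcomes, then replace `SAMPLE_RESPONSE` with the JSON that Dev Tools returns for your own data stream and pass the time your Kibana host reports as `now_iso`. A `future_timestamps` result is the case the thread suspected: the documents are there, and widening the time range to a year makes them appear, but the real fix is aligning the clock or timezone of the Windows node and the Kibana host.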
Thank you! It's working now.