Oh gosh... That was a silly mistake... Sorry, in the process of learning, I have reconfigured it so many times that I completely overlooked this. You are right, configuration file was pointing to the wrong address. I have updated my configuration file and life is good again...
Well maybe not 100% ... good
still getting some errors
[2021-06-10T15:45:41,815][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:remo
ved=>[], :added=>[https://elastic:xxxxxx@24e8d880b5ad48caa391608657b4683f.eastus2.azure.elastic-cloud.com:9243/]}}
[2021-06-10T15:45:42,284][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"https:
//elastic:xxxxxx@24e8d880b5ad48caa391608657b4683f.eastus2.azure.elastic-cloud.com:9243/"}
[2021-06-10T15:45:42,443][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2021-06-10T15:45:42,446][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` even
t field won't be used to determine the document _type {:es_version=>7}
[2021-06-10T15:45:42,507][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outp
uts::ElasticSearch", :hosts=>["https://24e8d880b5ad48caa391608657b4683f.eastus2.azure.elastic-cloud.com:9243"]}
[2021-06-10T15:45:42,538][INFO ][logstash.outputs.elasticsearch][main] Elasticsearch pool URLs updated {:changes=>{:remo
ved=>[], :added=>[https://elastic:xxxxxx@24e8d880b5ad48caa391608657b4683f.eastus2.azure.elastic-cloud.com:9243/]}}
[2021-06-10T15:45:42,659][WARN ][logstash.outputs.elasticsearch][main] Restored connection to ES instance {:url=>"https:
//elastic:xxxxxx@24e8d880b5ad48caa391608657b4683f.eastus2.azure.elastic-cloud.com:9243/"}
[2021-06-10T15:45:42,783][INFO ][logstash.outputs.elasticsearch][main] ES Output version determined {:es_version=>7}
[2021-06-10T15:45:42,786][WARN ][logstash.outputs.elasticsearch][main] Detected a 6.x and above cluster: the `type` even
t field won't be used to determine the document _type {:es_version=>7}
[2021-06-10T15:45:42,834][INFO ][logstash.outputs.elasticsearch][main] New Elasticsearch output {:class=>"LogStash::Outp
uts::ElasticSearch", :hosts=>["https://24e8d8xxxx7b4683f.eastus2.azure.elastic-cloud.com:9243"]}
[2021-06-10T15:45:42,925][INFO ][logstash.javapipeline ][main] Starting pipeline {:pipeline_id=>"main", "pipeline.wor
kers"=>2, "pipeline.batch.size"=>125, "pipeline.batch.delay"=>50, "pipeline.max_inflight"=>250, "pipeline.sources"=>["C:
/logstash-7.12.1-windows-x86_64/logstash-7.12.1/config/logstash.conf"], :thread=>"#<Thread:0x2bafa0de run>"}
[2021-06-10T15:45:43,766][INFO ][logstash.javapipeline ][main] Pipeline Java execution initialization time {"seconds"
=>0.84}
[2021-06-10T15:45:43,816][INFO ][logstash.inputs.beats ][main] Starting input listener {:address=>"0.0.0.0:5044"}
[2021-06-10T15:45:43,834][INFO ][logstash.javapipeline ][main] Pipeline started {"pipeline.id"=>"main"}
[2021-06-10T15:45:43,914][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :
non_running_pipelines=>[]}
[2021-06-10T15:45:43,960][INFO ][org.logstash.beats.Server][main][e5980c2f89ab7ab6e256ddce0d1310850166358d3ea7245cf6df7b
5e802f2d40] Starting server on port: 5044
[2021-06-10T15:53:54,597][INFO ][org.logstash.beats.BeatsHandler][main][e5980c2f89ab7ab6e256ddce0d1310850166358d3ea7245c
f6df7b5e802f2d40] [local: 192.168.1.150:5044, remote: 192.168.1.205:63768] Handling exception: io.netty.handler.codec.De
coderException: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 92 (caused by: org.
logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 92)
[2021-06-10T15:53:54,601][WARN ][io.netty.channel.DefaultChannelPipeline][main][e5980c2f89ab7ab6e256ddce0d1310850166358d
3ea7245cf6df7b5e802f2d40] An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually m
eans the last handler in the pipeline did not handle the exception.
io.netty.handler.codec.DecoderException: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats prot
ocol: 92
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:471) ~[netty-all-4.1.49.Fina
l.jar:4.1.49.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-all-4.1.49.Fin
al.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[ne
tty-all-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.access$600(AbstractChannelHandlerContext.java:61) ~[netty-all-
4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext$7.run(AbstractChannelHandlerContext.java:370) ~[netty-all-4.1.
49.Final.jar:4.1.49.Final]
at io.netty.util.concurrent.DefaultEventExecutor.run(DefaultEventExecutor.java:66) ~[netty-all-4.1.49.Final.jar:
4.1.49.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-all-4.1.4
9.Final.jar:4.1.49.Final]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-all-4.1.49.Final.jar:4.1.49.
Final]
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) [netty-all-4.1.49.Final
.jar:4.1.49.Final]
at java.lang.Thread.run(Thread.java:834) [?:?]
Caused by: org.logstash.beats.InvalidFrameProtocolException: Invalid version of beats protocol: 92
at org.logstash.beats.Protocol.version(Protocol.java:22) ~[logstash-input-beats-6.1.2.jar:?]
at org.logstash.beats.BeatsParser.decode(BeatsParser.java:62) ~[logstash-input-beats-6.1.2.jar:?]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501) ~[n
etty-all-4.1.49.Final.jar:4.1.49.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440) ~[netty-all-4.1.49.Fina
l.jar:4.1.49.Final]
PS C:\Windows\system32> cd "C:\Program Files (x86)\winlogbeat"
PS C:\Program Files (x86)\winlogbeat> .\winlogbeat.exe -e
2021-06-10T15:06:47.196-0800 INFO instance/beat.go:665 Home path: [C:\Program Files (x86)\winlogbeat] Config path: [C:\Program Files (x86)\winlogbeat] Data path: [C:\Program Files (x86)\winlogbeat\data] Logs path: [C:\Program Files (x86)\winlogbeat\logs]
2021-06-10T15:06:47.197-0800 INFO instance/beat.go:673 Beat ID: 3d395a55-2444-417d-ad73-c819727ad837
2021-06-10T15:06:47.213-0800 INFO [beat] instance/beat.go:1014 Beat info {"system_info": {"beat": {"path": {"config": "C:\\Program Files (x86)\\winlogbeat", "data": "C:\\Program Files (x86)\\winlogbeat\\data", "home": "C:\\Program Files (x86)\\winlogbeat", "logs": "C:\\Program Files (x86)\\winlogbeat\\logs"}, "type": "winlogbeat", "uuid": "3d395a55-2444-417d-ad73-c819727ad837"}}}
2021-06-10T15:06:47.213-0800 INFO [beat] instance/beat.go:1023 Build info {"system_info": {"build": {"commit": "054e224d226b42a1dd7c72dcf48c3f18de452e22", "libbeat": "7.13.0", "time": "2021-05-19T22:47:56.000Z", "version": "7.13.0"}}}
2021-06-10T15:06:47.213-0800 INFO [beat] instance/beat.go:1026 Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":1,"version":"go1.15.12"}}}
2021-06-10T15:06:47.227-0800 INFO [beat] instance/beat.go:1030 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2021-06-10T13:57:54.95-08:00","name":"DESKTOP_1","ip":["fe80::4d0f:4596:ccf9:e17e/64","192.168.1.205/24","::1/128","127.0.0.1/8"],"kernel_version":"10.0.19041.985 (WinBuild.160101.0800)","mac":["00:0c:29:0e:4b:84"],"os":{"type":"windows","family":"windows","platform":"windows","name":"Windows 10 Pro","version":"10.0","major":10,"minor":0,"patch":0,"build":"19042.985"},"timezone":"AKDT","timezone_offset_sec":-28800,"id":"dc186c98-07cb-471f-a5c7-fefad9d6cecd"}}}
2021-06-10T15:06:47.230-0800 INFO [beat] instance/beat.go:1059 Process info {"system_info": {"process": {"cwd": "C:\\Program Files (x86)\\winlogbeat", "exe": "C:\\Program Files (x86)\\winlogbeat\\winlogbeat.exe", "name": "winlogbeat.exe", "pid": 1436, "ppid": 4340, "start_time": "2021-06-10T15:06:47.083-0800"}}}
2021-06-10T15:06:47.230-0800 INFO instance/beat.go:309 Setup Beat: winlogbeat; Version: 7.13.0
2021-06-10T15:06:47.230-0800 INFO [publisher] pipeline/module.go:113 Beat name: DESKTOP_1
2021-06-10T15:06:47.230-0800 INFO beater/winlogbeat.go:69 State will be read from and persisted to C:\Program Files (x86)\winlogbeat\data\.winlogbeat.yml
2021-06-10T15:06:47.282-0800 WARN [cfgwarn] registered_domain/registered_domain.go:61 BETA: The registered_domain processor is beta.
2021-06-10T15:06:47.351-0800 WARN [cfgwarn] registered_domain/registered_domain.go:61 BETA: The registered_domain processor is beta.
2021-06-10T15:06:47.377-0800 INFO instance/beat.go:473 winlogbeat start running.
2021-06-10T15:06:47.397-0800 INFO [monitoring] log/log.go:117 Starting metrics logging every 30s
2021-06-10T15:06:47.442-0800 WARN beater/eventlogger.go:124 EventLog[Microsoft-Windows-Sysmon/Operational] Open() error. No events will be read from this source. The specified channel could not be found.
2021-06-10T15:06:50.237-0800 INFO [add_cloud_metadata] add_cloud_metadata/add_cloud_metadata.go:101 add_cloud_metadata: hosting provider type not detected.
2021-06-10T15:06:51.244-0800 INFO [publisher_pipeline_output] pipeline/output.go:143 Connecting to backoff(async(tcp://192.168.1.150:5044))
2021-06-10T15:06:51.245-0800 INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2021-06-10T15:06:51.262-0800 INFO [publisher] pipeline/retry.go:223 done
2021-06-10T15:06:51.263-0800 INFO [publisher_pipeline_output] pipeline/output.go:151 Connection to backoff(async(tcp://192.168.1.150:5044)) established
2021-06-10T15:06:53.497-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 570 events
2021-06-10T15:06:53.500-0800 INFO beater/eventlogger.go:88 EventLog[Application] successfully published 344 events
2021-06-10T15:06:54.351-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 630 events
2021-06-10T15:06:55.153-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 700 events
2021-06-10T15:06:56.037-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 700 events
2021-06-10T15:06:57.019-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 700 events
2021-06-10T15:06:57.787-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 700 events
2021-06-10T15:06:58.632-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 700 events
2021-06-10T15:06:59.980-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 700 events
2021-06-10T15:07:01.415-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 700 events
2021-06-10T15:07:01.955-0800 INFO beater/eventlogger.go:88 EventLog[Security] successfully published 385 events
2021-06-10T15:07:17.407-0800 INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":781,"time":{"ms":781}},"total":{"ticks":7796,"time":{"ms":7796},"value":7796},"user":{"ticks":7015,"time":{"ms":7015}}},"handles":{"open":223},"info":{"ephemeral_id":"412bab9e-6e4e-4044-8681-1de8af2feba9","uptime":{"ms":30261}},"memstats":{"gc_next":42497360,"memory_alloc":38623896,"memory_sys":76498040,"memory_total":475005968,"rss":85790720},"runtime":{"goroutines":35}},"libbeat":{"config":{"module":
(please notice this is from winlog not packet beat, I decided it will be easier to set up winlog beat first)