Hi,
I installed Metricbeat and enabled the Windows module, but the template dashboard ([Metricbeat Windows] Services ECS) does not show any information (No results found). When I run this command in PowerShell: .\metricbeat.exe -e -c metricbeat.yml, the dashboard shows full information, but when I terminate the command, the dashboard is down like the first time.
PS C:\Program Files\metricbeat> .\metricbeat.exe -e -c metricbeat.yml
2020-12-07T14:00:28.733+0700 INFO instance/beat.go:645 Home path: [C:\Program Files\metricbeat] Config path: [C:\Program Files\metricbeat] Data path: [C:\Program Files\metricbeat\data] Logs path: [C:\Program Files\metricbeat\logs]
2020-12-07T14:00:28.739+0700 INFO instance/beat.go:653 Beat ID: eb7b0af1-f452-41a7-9e30-2ebc264d7e55
2020-12-07T14:00:28.747+0700 INFO [beat] instance/beat.go:981 Beat info {"system_info": {"beat": {"path": {"config": "C:\\Program Files\\metricbeat", "data": "C:\\Program Files\\metricbeat\\data", "home": "C:\\Program Files\\metricbeat", "logs": "C:\\Program Files\\metricbeat\\logs"}, "type": "metricbeat", "uuid": "eb7b0af1-f452-41a7-9e30-2ebc264d7e55"}}}
2020-12-07T14:00:28.748+0700 INFO [beat] instance/beat.go:990 Build info {"system_info": {"build": {"commit": "1428d58cf2ed945441fb2ed03961cafa9e4ad3eb", "libbeat": "7.10.0", "time": "2020-11-09T20:08:45.000Z", "version": "7.10.0"}}}
2020-12-07T14:00:28.749+0700 INFO [beat] instance/beat.go:993 Go runtime info {"system_info": {"go": {"os":"windows","arch":"amd64","max_procs":2,"version":"go1.14.7"}}}
2020-12-07T14:00:28.753+0700 INFO [beat] instance/beat.go:997 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2020-11-11T17:36:47.1+07:00","name":"ADC-2","ip":["10.99.60.6/22","::1/128","127.0.0.1/8"],"kernel_version":"10.0.17763.1577 (WinBuild.160101.0800)","mac":["00:50:56:96:39:08"],"os":{"family":"windows","platform":"windows","name":"Windows Server 2019 Standard","version":"10.0","major":10,"minor":0,"patch":0,"build":"17763.1577"},"timezone":"+07","timezone_offset_sec":25200,"id":"fb4cee7f-ce24-4a36-83b4-13fbb741ae45"}}}
2020-12-07T14:00:28.754+0700 INFO [beat] instance/beat.go:1026 Process info {"system_info": {"process": {"cwd": "C:\\Program Files\\metricbeat", "exe": "C:\\Program Files\\metricbeat\\metricbeat.exe", "name": "metricbeat.exe", "pid": 8224, "ppid": 5260, "start_time": "2020-12-07T14:00:28.067+0700"}}}
2020-12-07T14:00:28.755+0700 INFO instance/beat.go:299 Setup Beat: metricbeat; Version: 7.10.0
2020-12-07T14:00:28.755+0700 INFO [index-management] idxmgmt/std.go:184 Set output.elasticsearch.index to 'metricbeat-7.10.0' as ILM is enabled.
2020-12-07T14:00:28.755+0700 INFO eslegclient/connection.go:99 elasticsearch url: http://10.99.60.250:9200
2020-12-07T14:00:28.756+0700 INFO [publisher] pipeline/module.go:113 Beat name: ADC-2
2020-12-07T14:00:29.252+0700 INFO instance/beat.go:455 metricbeat start running.
2020-12-07T14:00:29.252+0700 INFO [monitoring] log/log.go:118 Starting metrics logging every 30s
2020-12-07T14:00:29.264+0700 INFO helper/privileges_windows.go:79 Metricbeat process and system info: {"OSVersion":{"Major":6,"Minor":2,"Build":9200},"Arch":"amd64","NumCPU":2,"User":{"SID":"S-1-5-21-379430005-1330435470-2575689951-2280","Account":"longph","Domain":"OMINEXT","Type":1},"ProcessPrivs":{"SeBackupPrivilege":{"enabled":false},"SeChangeNotifyPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreateGlobalPrivilege":{"enabled_by_default":true,"enabled":true},"SeCreatePagefilePrivilege":{"enabled":false},"SeCreateSymbolicLinkPrivilege":{"enabled":false},"SeDebugPrivilege":{"enabled":true},"SeDelegateSessionUserImpersonatePrivilege":{"enabled":false},"SeEnableDelegationPrivilege":{"enabled":false},"SeImpersonatePrivilege":{"enabled_by_default":true,"enabled":true},"SeIncreaseBasePriorityPrivilege":{"enabled":false},"SeIncreaseQuotaPrivilege":{"enabled":false},"SeIncreaseWorkingSetPrivilege":{"enabled":false},"SeLoadDriverPrivilege":{"enabled":false},"SeMachineAccountPrivilege":{"enabled":false},"SeManageVolumePrivilege":{"enabled":false},"SeProfileSingleProcessPrivilege":{"enabled":false},"SeRemoteShutdownPrivilege":{"enabled":false},"SeRestorePrivilege":{"enabled":false},"SeSecurityPrivilege":{"enabled":false},"SeShutdownPrivilege":{"enabled":false},"SeSystemEnvironmentPrivilege":{"enabled":false},"SeSystemProfilePrivilege":{"enabled":false},"SeSystemtimePrivilege":{"enabled":false},"SeTakeOwnershipPrivilege":{"enabled":false},"SeTimeZonePrivilege":{"enabled":false},"SeUndockPrivilege":{"enabled":false}}}
2020-12-07T14:00:29.275+0700 INFO helper/privileges_windows.go:87 SeDebugPrivilege is enabled. SeDebugPrivilege=(Enabled)
2020-12-07T14:00:29.278+0700 INFO cfgfile/reload.go:164 Config reloader started
2020-12-07T14:00:29.280+0700 INFO cfgfile/reload.go:224 Loading of config files completed.
2020-12-07T14:00:31.762+0700 INFO [add_cloud_metadata] add_cloud_metadata/add_cloud_metadata.go:89 add_cloud_metadata: hosting provider type not detected.
2020-12-07T14:00:32.769+0700 INFO [publisher_pipeline_output] pipeline/output.go:143 Connecting to backoff(elasticsearch(http://10.99.60.250:9200))
2020-12-07T14:00:32.769+0700 INFO [publisher] pipeline/retry.go:219 retryer: send unwait signal to consumer
2020-12-07T14:00:32.771+0700 INFO [publisher] pipeline/retry.go:223 done
2020-12-07T14:00:32.772+0700 INFO [esclientleg] eslegclient/connection.go:314 Attempting to connect to Elasticsearch version 7.10.0
2020-12-07T14:00:32.789+0700 INFO [license] licenser/es_callback.go:51 Elasticsearch license: Basic
2020-12-07T14:00:32.801+0700 INFO [esclientleg] eslegclient/connection.go:314 Attempting to connect to Elasticsearch version 7.10.0
2020-12-07T14:00:32.819+0700 INFO [index-management] idxmgmt/std.go:261 Auto ILM enable success.
2020-12-07T14:00:32.838+0700 INFO [index-management.ilm] ilm/std.go:139 do not generate ilm policy: exists=true, overwrite=false
2020-12-07T14:00:32.839+0700 INFO [index-management] idxmgmt/std.go:274 ILM policy successfully loaded.
2020-12-07T14:00:32.839+0700 INFO [index-management] idxmgmt/std.go:407 Set setup.template.name to '{metricbeat-7.10.0 {now/d}-000001}' as ILM is enabled.
2020-12-07T14:00:32.840+0700 INFO [index-management] idxmgmt/std.go:412 Set setup.template.pattern to 'metricbeat-7.10.0-*' as ILM is enabled.
2020-12-07T14:00:32.840+0700 INFO [index-management] idxmgmt/std.go:446 Set settings.index.lifecycle.rollover_alias in template to {metricbeat-7.10.0 {now/d}-000001} as ILM is enabled.
2020-12-07T14:00:32.841+0700 INFO [index-management] idxmgmt/std.go:450 Set settings.index.lifecycle.name in template to {metricbeat {"policy":{"phases":{"hot":{"actions":{"rollover":{"max_age":"30d","max_size":"50gb"}}}}}}} as ILM is enabled.
2020-12-07T14:00:32.843+0700 INFO template/load.go:97 Template metricbeat-7.10.0 already exists and will not be overwritten.
2020-12-07T14:00:32.848+0700 INFO [index-management] idxmgmt/std.go:298 Loaded index template.
2020-12-07T14:00:32.850+0700 INFO [index-management] idxmgmt/std.go:309 Write alias successfully generated.
2020-12-07T14:00:32.854+0700 INFO [publisher_pipeline_output] pipeline/output.go:151 Connection to backoff(elasticsearch(http://10.99.60.250:9200)) established
2020-12-07T14:00:59.272+0700 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":562,"time":{"ms":562}},"total":{"ticks":952,"time":{"ms":952},"value":952},"user":{"ticks":390,"time":{"ms":390}}},"handles":{"open":265},"info":{"ephemeral_id":"3cc729b7-5802-4e5f-b09f-fc2bc5218784","uptime":{"ms":31155}},"memstats":{"gc_next":18302000,"memory_alloc":16299688,"memory_total":41735152,"rss":57659392},"runtime":{"goroutines":63}},"libbeat":{"config":{"module":{"running":4,"starts":4},"reloads":1,"scans":1},"output":{"events":{"acked":278,"batches":9,"total":278},"read":{"bytes":7749},"type":"elasticsearch","write":{"bytes":302591}},"pipeline":{"clients":10,"events":{"active":0,"published":278,"retry":50,"total":278},"queue":{"acked":278}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"filesystem":{"events":1,"success":1},"fsstat":{"events":1,"success":1},"memory":{"events":3,"success":3},"network":{"events":8,"success":8},"process":{"events":30,"success":30},"process_summary":{"events":3,"success":3},"socket_summary":{"events":3,"success":3},"uptime":{"events":1,"success":1}},"windows":{"service":{"events":225,"success":225}}},"system":{"cpu":{"cores":2}}}}}
2020-12-07T14:01:29.262+0700 INFO [monitoring] log/log.go:145 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":703,"time":{"ms":141}},"total":{"ticks":1218,"time":{"ms":266},"value":1218},"user":{"ticks":515,"time":{"ms":125}}},"handles":{"open":267},"info":{"ephemeral_id":"3cc729b7-5802-4e5f-b09f-fc2bc5218784","uptime":{"ms":61144}},"memstats":{"gc_next":18444688,"memory_alloc":16445528,"memory_total":50565944,"rss":1773568},"runtime":{"goroutines":63}},"libbeat":{"config":{"module":{"running":4}},"output":{"events":{"acked":51,"batches":6,"total":51},"read":{"bytes":2411},"write":{"bytes":59333}},"pipeline":{"clients":10,"events":{"active":0,"published":51,"total":51},"queue":{"acked":51}}},"metricbeat":{"system":{"cpu":{"events":3,"success":3},"memory":{"events":3,"success":3},"network":{"events":9,"success":9},"process":{"events":30,"success":30},"process_summary":{"events":3,"success":3},"socket_summary":{"events":3,"success":3}}}}}}
windows.yml
# Module: windows
# Docs: https://www.elastic.co/guide/en/beats/metricbeat/7.10/metricbeat-module-windows.html
- module: windows
  metricsets:
    - service
  period: 1m

#- module: windows
#  metricsets:
#  - perfmon
#  period: 10s
#  perfmon.queries:
#  - object: 'Process'
#    instance: ["*"]
#    counters:
#    - name: 'Disk Writes/sec'
#      field: physical_disk.write.per_sec
#      format: "float"
#    - name: "% Disk Write Time"
metricbeat.yml is the default.